CVE-2020-0601 - CryptoAPI
The vulnerability in the CryptoAPI is dealt with by Microsoft under this link.
CVE-2020-0601 | Windows CryptoAPI Spoffing Vulnerability
The weakness concerns a program library (DLL) called Crypt32.dll. This is located in the directory C: \ Windows \ System32.
Security Update Guide:
An attacker could use this vulnerability to, for example, sign executable files with a forged certificate for code signing without the operating system noticing.
The following platforms are affected:
- Windows 10
- Windows Server 2016
- Windows Server 2019
The severity of the vulnerability is rated as "Important".
For example, the following integrity can be compromised.
- HTTPS connections
- Signed .exe files
- Signed emails or files