Vulnerability CryptoAPI CVE-2020-0601

CVE-2020-0601 - CryptoAPI

The vulnerability in the CryptoAPI is dealt with by Microsoft under this link.
CVE-2020-0601 | Windows CryptoAPI Spoffing Vulnerability

The weakness concerns a program library (DLL) called Crypt32.dll. This is located in the directory C: \ Windows \ System32.

Security Update Guide:
https://portal.msrc.microsoft.com/en-us/security-guidance

An attacker could use this vulnerability to, for example, sign executable files with a forged certificate for code signing without the operating system noticing.

The following platforms are affected:

  • Windows 10
  • Windows Server 2016
  • Windows Server 2019

The severity of the vulnerability is rated as "Important".

impairments:
For example, the following integrity can be compromised.

  • HTTPS connections
  • Signed .exe files
  • Signed emails or files

Vulnerability CryptoAPI CVE-2020-0601