Microsoft released a patch for vulnerability CVE-2020-0601 on January 14, 2020. CVE-2020-0601 is a vulnerability that malicious parties can exploit to bypass the certificate validation mechanisms of Windows CryptoAPI. This vulnerability allows malicious parties to spoof code-signing certificates and use them to sign malware, which makes the malware appear to originate from a trusted source. Alibaba Cloud has synchronized this update to the Windows system update source. We recommend that you update the operating system of your ECS instance with the latest patches at your earliest convenience.
Detected vulnerability
- Vulnerability number: CVE-2020-0601
- Vulnerability severity: critical
- Patch update time: January 14, 2020
- Affected versions:
  - Windows 10
  - Windows Server 2016
  - Windows Server 2019
  - Windows Server Version 1809
  - Windows Server Version 1903
  - Windows Server Version 1909
Details
Vulnerability CVE-2020-0601 exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates, and poses critical security risks to the following trust relationships that rely on that validation:
- HTTPS connections
- Signed files and emails
- Signed executable programs that are started in user mode
Malicious parties can exploit this vulnerability to spoof code-signing certificates that can be used to sign malicious files, or to launch man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.
Security suggestion
Install the patch for vulnerability CVE-2020-0601 at your earliest convenience.
Solution
You can use one of the following methods to install the patch for vulnerability CVE-2020-0601:
- Method 1: Use the Windows Update program to install the new security updates or cumulative updates released in January 2020.
- Method 2: Visit the official Microsoft website and download the patch from the security advisory "CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability".
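After installing the update by either method, an administrator will want to confirm on each ECS instance that the host is in an affected version family, that the Crypt32.dll on disk has been replaced, and that the January 2020 update is recorded as installed. The following PowerShell script is an added example for that verification; it is not part of this advisory and not Alibaba Cloud's or Microsoft's own tooling. It assumes an elevated PowerShell session on the instance. The fixed Crypt32.dll file version is not given in this advisory, so it is left as a placeholder to be filled in from the update's file information for your build; the Audit-CVE event query (provider Microsoft-Windows-Audit-CVE, Event ID 1) is assumed from Microsoft's post-patch logging guidance and should be confirmed against your build.

```powershell
# Added example, not part of the Alibaba Cloud advisory: verify CVE-2020-0601
# exposure and patch state on a Windows ECS instance. Run in an elevated session.

# 1. Is this host in one of the affected version families listed in the advisory?
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$releaseId = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' `
              -ErrorAction SilentlyContinue).ReleaseId
$affectedFamily = ($os.Caption -match 'Windows 10|Windows Server 2016|Windows Server 2019') -or
                  ($releaseId -in @('1809', '1903', '1909'))
"OS: $($os.Caption) (release $releaseId) - in affected family: $affectedFamily"

# 2. Inspect the Crypt32.dll actually loaded by the system. The flawed ECC
#    certificate validation lives in this DLL, so its file version is the most
#    direct evidence that the fix is present.
$crypt32 = Get-Item "$env:SystemRoot\System32\crypt32.dll"
$fileVersion = $crypt32.VersionInfo.FileVersionRaw   # [version], e.g. 10.0.x.y
# PLACEHOLDER (assumption): the advisory does not list the fixed file version.
# Replace with the Crypt32.dll version shipped in the January 2020 update for
# this build, taken from the update's file information.
$minimumFixedVersion = [version]'0.0.0.0'
$dllPatched = $fileVersion -ge $minimumFixedVersion
"Crypt32.dll: $fileVersion (minimum fixed: $minimumFixedVersion) - at or above fixed version: $dllPatched"

# 3. List updates installed on or after the patch date from the advisory.
#    An affected host with nothing in this list has not received the fix.
$patchDate = [datetime]'2020-01-14'
$recentHotfixes = Get-HotFix | Where-Object { $_.InstalledOn -ge $patchDate } |
                  Sort-Object InstalledOn
"Updates installed on or after $($patchDate.ToShortDateString()): $($recentHotfixes.Count)"
$recentHotfixes | Select-Object HotFixID, Description, InstalledOn | Format-Table -AutoSize

# 4. Detection (assumption, confirm for your build): after the update, Windows
#    logs attempted use of a spoofed certificate as an Application-log event
#    from provider Microsoft-Windows-Audit-CVE with Event ID 1. Any hit here is
#    worth an incident-response look, even on a patched host.
try {
    $auditEvents = Get-WinEvent -FilterHashtable @{
            LogName      = 'Application'
            ProviderName = 'Microsoft-Windows-Audit-CVE'
            Id           = 1
        } -ErrorAction Stop |
        Where-Object { $_.Message -match 'CVE-2020-0601' }
    "Audit-CVE events referencing CVE-2020-0601: $($auditEvents.Count)"
    $auditEvents | Select-Object TimeCreated, Message | Format-List
} catch {
    # Get-WinEvent throws when no events match; that is the expected quiet state.
    "No Audit-CVE events referencing CVE-2020-0601 were found."
}

# 5. Summary line suitable for collection across a fleet.
if ($affectedFamily -and $recentHotfixes.Count -eq 0) {
    "RESULT: affected version family with no update installed since $($patchDate.ToShortDateString()) - install the January 2020 update."
} elseif ($affectedFamily) {
    "RESULT: affected version family; updates present - confirm Crypt32.dll version against the fixed build."
} else {
    "RESULT: not in the version families listed in the advisory."
}
```

Steps 1 to 3 establish patch state and step 4 is a detection check; the script only reads system state and writes nothing. Because the placeholder minimum version is 0.0.0.0, the "at or above fixed version" line is meaningful only once that placeholder has been replaced, which is why the summary relies on the hotfix list rather than on the version comparison.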
Announcing party
Alibaba Cloud Computing Co., Ltd.