CVE-2020-0601: Microsoft Windows CryptoAPI Spoofing Vulnerability.
Microsoft Windows CryptoAPI Spoofing Vulnerability. Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The vulnerability is also known under the moniker of CurveBall.
- CISA KEV-listed (remediation due 2022-05-03)
- EPSS 94.1% (99.9% percentile)
Detection rules
- Audit CVE Event critical