Threat response: Vulnerability in Microsoft CryptoAPI (CVE-2020-0601)

14-01-2020

Today, Tuesday 14 January, Microsoft published information regarding a vulnerability found in the code handling cryptographic calculations in Windows, the CryptoAPI [1][2]. The vulnerability is registered as CVE-2020-0601. We consider the threat posed by this vulnerability to be serious and are therefore informing you about the risks and the possible mitigation steps.


Description

The vulnerability relates to the way certain certificates are validated within Windows. An attacker could bypass the validation steps in Windows by crafting a special “spoofed” certificate. As a result, the attacker appears to present a valid certificate, although no such certificate was ever issued to them. Certificates are used, for example, to set up encrypted connections with websites (TLS/SSL), to sign executables (code signing) and for various other applications.

The following system versions are affected:

  • Windows 10
  • Windows Server 2016
  • Windows Server 2019

Risk

At the time of writing, no successful attacks have been published. However, since details regarding the vulnerability have been published by Microsoft, attacks may be published within a short period of time. Northwave currently assesses the risk of this vulnerability to be high. The impact of the vulnerability, apart from attacks on code signing and impersonation of websites, will become clearer in the coming days.

Mitigation

Microsoft has already released an update addressing the issue as part of the regular “Patch Tuesday” updates [3], which were released today. Northwave strongly recommends updating all affected devices as soon as possible.

If you need additional information you can call us by phone or send us an email.

Phone number: 030-3031244 (during business hours)
E-mail: soc@northwave.nl

Do you have an incident right now? Call our CERT number: 0800-2255 2747

Sources

[1]: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

[2]: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF

[3]: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jan

[4]: https://www.ncsc.nl/actueel/advisory?id=NCSC-2020-0030

[5]: https://kb.cert.org/vuls/id/849224/

Disclaimer
Northwave has made every effort to make this information accurate and reliable. However, the information provided is without warranty of any kind and its use is at the sole risk of the user. Northwave does not accept any responsibility or liability for the accuracy, content, completeness, legality or reliability of the information provided. We shall not be liable for any loss or damage of whatever nature, direct or indirect, consequential or other, whether arising in contract, tort or otherwise, which may arise as a result of your use of, or inability to use, this information or any additional information provided by us in direct or indirect relation to the information provided here.