Windows CryptoAPI Spoofing Vulnerability – CVE-2020-0601
This Security Bulletin relates to the reported Microsoft Windows 10 vulnerability. This could allow a Windows 10 PC to be vulnerable to attack. The USA National Institute of Standards and Technology (NIST) has given the vulnerability a score of 8.1/10 – High.
Microsoft has released a patch to resolve this issue, and Taylor Made has commenced implementation to all itBusinessCare customers.
Our technical teams are actively monitoring the patch deployment to ensure all supported devices are updated. This work commenced on Friday, 17th January and we aim to complete this process by 22nd January 2020.
itBusinessCare customers are not required to take any further action and there will be minimal impact to system performance during the implementation of the update.
If you have any concerns, please do not hesitate to contact Paul Sylvester, Matt Faulkner or your Account Management Team for further information.
For the more technically minded – Frequently Asked Questions
How can I tell if someone is attempting to use a forged certificate to exploit this vulnerability?
- After the applicable Windows update is applied, the system will generate Event ID 1 in the Event Viewer after each reboot under Windows Logs/Application when an attempt to exploit a known vulnerability ([CVE-2020-0601] cert validation) is detected.
- This Event is raised by a User mode process.
Are versions older than Windows 10 versions affected by this vulnerability?
No, only Windows 10 versions of the OS are affected. In the initial release of Windows 10 (Build 1507, TH1), Microsoft added support for ECC parameters configuring ECC curves. Prior to this, Windows only supported named ECC curves. The code which added support for ECC parameters also resulted in the certificate validation vulnerability. It was not a regression, and versions of Windows which don’t support ECC parameters configuring ECC curves (Server, 2008, Windows 7, Windows 8.1 and servers) were not affected.
Do I need to do anything to complete the Windows 10 update?
For all our itBusinessCare customers we are completing a silent patch release. There is no need for you to take any further action at this time.
For any customers without itBusinessCare, feel free to contact our Account Management team to discuss how we can assist you.