Microsoft announced a patch to address a security vulnerability, CVE-2020-0601, in the core cryptographic component of Windows. All versions of Windows are affected by the vulnerability, and users are advised to apply this security patch as soon as possible.
According to Microsoft, the vulnerability exists in Crypt32.dll, a Windows component that implements various cryptographic messaging and certificate functions. Through this vulnerability, an attacker can abuse this code-signing component to sign otherwise malicious code, making a file appear as if it came from a trusted source. As a result, users have no indication of the file's malicious origin.
What harm can this vulnerability do?
Microsoft also said that the vulnerability could be exploited to conduct man-in-the-middle attacks and decrypt confidential information from the user's computer.
This vulnerability can affect a wide range of Windows applications, including Windows desktop authentication as well as data protected by browsers. Several third-party apps are also likely to be affected.
The security update is marked Important by Microsoft and contains a host of security updates for various platforms. Users can download the security updates here.
There is no mitigation or workaround for this vulnerability, and therefore Microsoft has asked users to install the patches at the earliest opportunity.
How can I know if an attacker has used the vulnerability to forge the certificates?
After you have applied the patches, “the system will generate Event ID 1 in the Event Viewer after each reboot under Windows Logs/Application when an attempt to exploit a known vulnerability ([CVE-2020-0601] cert validation) is detected”, Microsoft said in the security update guide.
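The check described above can be scripted. The following PowerShell function is an added example, not code from the article or from Microsoft; it assumes the audit events are written by the provider named Microsoft-Windows-Audit-CVE and that the account running it can read the Application log on the target host.

```powershell
# Added example (not from the article): query the Application log for the
# Event ID 1 entries that patched systems write when a CVE-2020-0601
# certificate-validation exploit attempt is detected.
# Assumptions: provider name 'Microsoft-Windows-Audit-CVE' and read access
# to the Application log on the target host.
function Get-CurveBallDetections {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [int]$Days = 30
    )
    $filter = @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Audit-CVE'
        Id           = 1
        StartTime    = (Get-Date).AddDays(-$Days)
    }
    try {
        $events = Get-WinEvent -ComputerName $ComputerName -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Get-WinEvent throws when nothing matches; treat that as "no detections".
        if ($_.Exception.Message -match 'No events were found') { return @() }
        throw
    }
    # The same provider can log other audited CVEs, so keep only the events
    # whose message carries the CVE-2020-0601 marker quoted by Microsoft.
    $events |
        Where-Object { $_.Message -match '\[CVE-2020-0601\]' } |
        ForEach-Object {
            [pscustomobject]@{
                Host        = $ComputerName
                TimeCreated = $_.TimeCreated
                RecordId    = $_.RecordId
                Message     = $_.Message
            }
        }
}

# Usage: list any detections from the last 30 days on the local host.
Get-CurveBallDetections -Days 30 | Format-Table -AutoSize
```

An empty result is only meaningful on a patched host: an unpatched system never writes this event, so confirm the update is installed before reading silence as "no exploit attempts".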
As per KrebsOnSecurity, Microsoft quietly shipped the patch to the US military and other players managing critical Internet infrastructure ahead of the public release. However, Microsoft denied this allegation.