CVE-2020-0601 - Microsoft Windows 10, Microsoft Windows Server 2019 and Microsoft Windows Server 2016

Critical 8.1

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.

Affected software

Microsoft Windows 10

Microsoft Windows Server 2019

Microsoft Windows Server 2016
