Skip to content
  • Instagram
  • Home
  • Contact us
  • About us
  • Privacy Policy
Techusers

Techusers

Learn To be a Dev

  • Home
  • Guide
  • Security & Privacy
  • Tech News
  • Computer
  • Top List
  • What is
  • Engineering
  • How To
  • Tech Terms
  • Toggle search form

Windows 10 Now to Patch a CryptoAPI Vulnerability

Posted on 15/01/202008/02/2020 By Techuser

Microsoft has rolled out the Patch Tuesday updates for January 2020. Among all the security fixes, there is one that exists for a spoofing vulnerability affecting the Windows CryptoAPI (Crypt32.dll).

Labelled as CVE-2020-0601, the vulnerability was discovered and reported to Microsoft by the NSA. It is present in the way the CryptoAPI performs the validation process for Elliptic Curve Cryptography (ECC) certificates.

The flaw allows an attacker to sign a malicious executable file using a fake code signing certificate, which can be used to make a victim believe that the file is from a trusted source.

The list of systems affected by CVE-2020-0601 includes all versions of Windows 10 and Windows Server 2016/2019.

Microsoft warns that the Windows CryptoAPI bug can be used to perform MITM attacks and “decrypt confidential information on user connections to the affected software.”

NSA has released a separate security advisory where it calls the vulnerability “severe” and says that “sophisticated actors will understand the underlying flaw very quickly.”

Until now, no traces of the vulnerability being actively exploited in the wild have been found. However, Microsoft has secured the devices by releasing patch as part of the latest Windows Update and users are recommended to install it right away.

Finally CryptoAPI Vulnerability is now patched

Read more : Lenovo Bios update-10[64] – 7ZCN34WW

Related

Security & Privacy

Post navigation

Previous Post: Lenovo Bios update-10[64] – 7ZCN34WW
Next Post: Why the Bumps are present in cables?

Recent Posts

  • How to Remove User Accounts in Windows 11
  • Jio 5G beta trial expands to Chennai; 5G-powered Wi-Fi services launched
  • What is a .NFA file? How to open it
  • What is a .M3U8 file? How to open it
  • What is a .AAX file? How to open it

Copyright © 2023 Techusers.

Powered by PressBook WordPress theme