
What you need to know

Microsoft Windows Zero-Day Vulnerability (CVE-2020-0601)

Impacts: Windows 10, Windows Server 2016, Windows Server 2019
More information: Windows CryptoAPI Spoofing Vulnerability

Microsoft released a patch for its Windows 10 desktop operating system, and Windows 2016/2019 server operating system yesterday to address a severe bug in its Windows CryptoAPI. The bug was discovered by the NSA, and released in a press conference by Director of Cybersecurity Anne Neuberger.

The excerpt from the Microsoft vulnerability report best describes the scope of this bug:

An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source.
The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.
A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.

What does this mean in layman’s terms?

An attacker can spoof the credibility of software, or even of the secure connections that you or your computer establish.

Typically, this credibility is verified by trusted entities online such as Microsoft, VeriSign, etc. These trusted entities are like a State’s Department of Motor Vehicles in the sense that they issue identification after vetting your identity.

However, with this vulnerability left unpatched, an attacker could issue their own identification and fake the credibility of the issuer (the DMV in this example). This is sort of like someone using a really, really, really good fake ID. Instead of trying to get into a bar while underage, though, they’re running malicious programs on someone’s computer or listening in on secure communications, such as online banking.

How Can I Stay Safe?

Our clients’ systems are audited for the presence (or absence) of security patches. If a system is not properly patched, we apply our automated measures to install the patch.
The name of the patch will look something like this: “2020-01 Cumulative Update for Windows 10 Version xxxx for x64-based Systems” (xxxx = build number of Windows, i.e. 1909).
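For readers who want to confirm the patch state themselves, the following PowerShell check is an added example (not tooling from the original post): it asks the Windows Update agent for installed updates and looks for a cumulative update dated 2020-01 or later, since each later monthly cumulative update supersedes and contains this fix. It assumes the Windows Update COM API is available and that update titles follow the pattern quoted above; the function name Test-Cve20200601Patch is my own.

```powershell
# Added example (not the author's own tooling): check whether a Windows host has
# received the monthly cumulative update that fixes CVE-2020-0601. Assumes the
# Windows Update COM API is available (it is on Windows 10 / Server 2016 / 2019)
# and that installed updates are titled as the post shows, e.g.
# "2020-01 Cumulative Update for Windows 10 Version 1909 for x64-based Systems".

function Test-Cve20200601Patch {
    [CmdletBinding()]
    param(
        # The fix shipped in the 2020-01 cumulative update; any later monthly
        # cumulative update supersedes and therefore also contains it.
        [int]$MinYear  = 2020,
        [int]$MinMonth = 1
    )

    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $affected = $os.Caption -match 'Windows 10|Windows Server 2016|Windows Server 2019'

    # Ask the Windows Update agent for everything it reports as installed.
    $session  = New-Object -ComObject 'Microsoft.Update.Session'
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search('IsInstalled=1')

    $found = @()
    foreach ($u in $result.Updates) {
        # Title pattern: "<yyyy>-<mm> Cumulative Update for Windows ..."
        if ($u.Title -match '^(\d{4})-(\d{2}) Cumulative Update for Windows') {
            $year = [int]$Matches[1]; $month = [int]$Matches[2]
            if (($year -gt $MinYear) -or ($year -eq $MinYear -and $month -ge $MinMonth)) {
                $found += $u.Title
            }
        }
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        OSCaption      = $os.Caption
        Build          = $os.BuildNumber
        Affected       = $affected
        PatchInstalled = ($found.Count -gt 0)
        MatchedUpdates = $found
    }
}

# Run as a local administrator. A host reporting Affected = True and
# PatchInstalled = False still needs the update applied.
Test-Cve20200601Patch | Format-List
```

A host that is not on Windows 10 / Server 2016 / Server 2019 will report Affected = False and can be skipped; the Windows Update search can take a minute on machines with a long update history.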