Microsoft Windows CryptoAPI Spoofing Vulnerability [securityboulevard]

Today, Microsoft released a patch for CVE-2020-0601, a vulnerability in the Windows “crypt32.dll” component that could allow attackers to perform spoofing attacks. It was discovered and reported by National Security Agency (NSA) researchers. The vulnerability affects Windows 10 and Windows Server 2016/2019 systems.

This is a serious vulnerability and patches should be applied immediately. An attacker could exploit it by using a spoofed code-signing certificate: because the digital signature is spoofed, malware you download and install could pass itself off as something legitimate, such as a software update.

Detecting CVE-2020-0601 with Qualys VM

The best method for identifying vulnerable hosts is through the Qualys Cloud Agent or via Qualys authenticated scanning. Qualys has issued a special QID (91595) for Qualys Vulnerability Management that covers only CVE-2020-0601 across all impacted Operating Systems. This QID is included in signature version VULNSIGS-2.4.791-3, and requires authenticated scanning or the Qualys Cloud Agent. Cloud Agents will automatically receive this new QID as part of manifest version 2.4.791-3-2.

You can search for this within AssetView or the VM Dashboard by using the following QQL query:

vulnerabilities.vulnerability.qid:91595
vulnerabilities.vulnerability.cveId:CVE-2020-0601
