Windows CryptoAPI Spoofing Vulnerability – Suite3 Response

On January 14, 2020, Microsoft released notification of a new vulnerability discovered in Windows 10 class operating systems (CVE-2020-0601). An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear that the file was from a trusted, legitimate source.

Operating systems affected are:
Windows 10
Windows Server 2016
Windows Server 2019

It is important to note that this is not a zero-day vulnerability, meaning that no active exploits are known to exist at this time.

Businesses that utilize TLS inspection have an additional layer of mitigation against this vulnerability, since a Man-in-the-Middle attack would be shut down by the proxy, which does perform correct ECC certificate validation.

Suite3 is actively following the developments of this vulnerability. For our clients who utilize our ManageSuite Advanced Update Management, Suite3 will begin to push patches for workstations this evening (01/15/2020). In addition, we are working towards an out-of-band update for servers.

Additional information regarding this vulnerability can be found below: