Windows Critical Vulnerabilities
Microsoft has released critical security updates on Windows: CVE-2020-0601- Windows CryptoAPI Spoofing Vulnerability
Systems affected by vulnerabilities
The CVE-2020-0601 vulnerabilities affect the following versions of Windows:
- Microsoft Windows 10, in various versions or editions. See listing here
- Microsoft Windows Server 2016 and Windows Server 2016 (Server Core installation).
- Microsoft Windows Server 2019 and Windows Server 2019 (Server Core installation).
Exploiting the CVE-2020-0601 vulnerabilities could result in arbitrary code execution on the vulnerable Windows system and may also allow man-in-the-middle attacks on encrypted connections.
Microsoft CryptoAPI could accept cryptographic objects signed with a counterfeit version of a certificate, therefore it could ignore warnings and errors in code signed signed executables or other signed objects. An attacker could:
- install malicious programs, view, change or delete data, create user accounts and take full control of the affected resource.
- Sign a malicious executable, perform MITM attacks, and decrypt confidential information about users’ connections to affected software.
- disclose confidential information,
- cause denial of service,
- execute remote codes,
- impersonate identities, etc.
Solution and Prevention
Microsoft has released software updates to address critical vulnerabilities. Its application in the different operating systems is recommended. They can be found at the following links:
In addition, as a preventive measure it is recommended:
- Run all software as a non-privileged user with minimal access rights.
- Implement network intrusion detection systems and monitor network traffic for malicious activity.
- Do not accept or run files from unknown or untrusted sources.
- Route traffic through proxy devices, which perform TLS inspection. Use packet capture analysis tools, such as Wireshark, to analyze and extract certificates to determine their validity.
It is also recommended not to publish the RDP protocol to the internet; If it is necessary to access by RDP, it is recommended to do it through a VPN connection.
It is recommended to apply the security updates as soon as possible.