Urgent Tech Update – Windows CryptoAPI Spoofing Vulnerability
by Secutec
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.
An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.
The security update (14/01/2020) addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.
McAfee recommendation
McAfee is aware of the recent Windows CryptoAPI Spoofing vulnerability (CVE-2020-0601). They have technology in development to detect the vulnerability and they are currently conducting rigorous quality assurance and efficacy testing.
We strongly advise rapid deployment of the Microsoft patches released on January 14. McAfee products are compatible with all updates released in the January Patch Tuesday update.
McAfee has provided us with Extra DAT but it is still being tested. We can provided it to you, if requested. Soon, it will be included in McAfee’s regular DAT updates. They haven’t announced a specific date yet.
Follow KB92322 for all recent updates.
Kaspersky recommendation
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel).
Follow KLA11618 for all recent updates.