Systems affected by the vulnerability
The CVE-2020-0601 vulnerability affects the following versions of Windows:
- Microsoft Windows 10, in several versions and editions. See the list here
- Microsoft Windows Server 2016 and Windows Server 2016 (Server Core installation).
- Microsoft Windows Server 2019 and Windows Server 2019 (Server Core installation).
Impact
Exploitation of CVE-2020-0601 could result in arbitrary code execution on the vulnerable Windows system, because a malicious executable signed with a spoofed certificate passes signature checks, and it may also allow man-in-the-middle attacks on encrypted connections.
The flaw lies in how the Windows CryptoAPI (crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates: it does not check that the curve parameters carried in a certificate are those of the named curve it claims, so a forged certificate can be made to appear as though it chains to a trusted root. As a result, CryptoAPI could accept cryptographic objects signed with a forged certificate and bypass the warnings and errors that signed executables and other signed objects would otherwise trigger. An attacker could:
- install malicious programs; view, modify or delete data; create user accounts; and take full control of the affected resource;
- sign a malicious executable, perform MITM attacks and decrypt confidential information in users' connections to the affected software;
- disclose confidential information;
- cause denial of service;
- execute code remotely;
- impersonate identities, etc.
Solution and Prevention
Microsoft has published security updates that address this vulnerability. Installing them on every affected operating system is recommended. They can be found at the following links:
Additionally, as preventive measures it is recommended to:
- Run all software as an unprivileged user with the minimum access rights required.
- Implement intrusion detection systems on the network and monitor network traffic for malicious activity.
- Do not accept or execute files from unknown or untrusted sources.
- Route traffic through proxy devices that perform TLS inspection, making sure the proxy itself does not rely on the vulnerable CryptoAPI for certificate validation.
- Use packet capture analysis tools, such as Wireshark, to extract certificates from the traffic and determine their validity.
Additionally, it is recommended not to expose the RDP protocol to the internet; if RDP access is necessary, it should be done through a VPN connection.
It is recommended to apply the security updates as soon as possible. Once the update is installed, Windows records Event ID 1 from the source Microsoft-Windows-Audit-CVE in the Application log whenever an attempt to exploit CVE-2020-0601 is detected, so monitoring for that event provides a practical check that exploitation attempts are being caught.
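The Wireshark recommendation above leaves open what to look for in an extracted certificate. The following script is an added example, not part of the original advisory or of any Microsoft tooling: it walks a DER-encoded certificate (the format Wireshark's "Export Packet Bytes" produces) and reports how each ECC public key encodes its curve parameters. Legitimate certificates use a namedCurve OID; CVE-2020-0601 forgeries carry explicit (specifiedCurve) parameters that restate a well-known curve such as P-256 with an attacker-chosen base point, so an explicit encoding is the signal to triage. The sample inputs are constructed inline with placeholder key and curve values and are not real certificates; the OIDs and the P-256 field prime are the standard ones.

```python
# Added example: classify EC parameter encodings in DER certificates
# (CVE-2020-0601 triage). Pure standard library; samples are constructed.

ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")    # 1.2.840.10045.2.1
OID_PRIME256V1 = bytes.fromhex("2a8648ce3d030107")    # 1.2.840.10045.3.1.7
OID_PRIME_FIELD = bytes.fromhex("2a8648ce3d0101")     # 1.2.840.10045.1.1
P256_PRIME = int("ffffffff00000001000000000000000000000000ffffffffffffffffffffffff", 16)
KNOWN_PRIMES = {P256_PRIME: "P-256"}


def _read_tlv(buf, pos):
    """Decode one DER tag-length-value at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(buf):
    """Yield (tag, value) for each element inside a constructed DER value."""
    pos = 0
    while pos < len(buf):
        tag, value, pos = _read_tlv(buf, pos)
        yield tag, value


def _describe_params(tag, value):
    """Classify the parameters field of an id-ecPublicKey AlgorithmIdentifier."""
    if tag == 0x06:                                    # namedCurve OID (normal)
        return "named:" + ("P-256" if value == OID_PRIME256V1 else value.hex())
    if tag == 0x05:                                    # implicitCurve NULL
        return "implicit"
    if tag == 0x30:                                    # specifiedCurve SEQUENCE
        elems = list(_children(value))                 # version, fieldID, curve, base, order, ...
        if len(elems) >= 2 and elems[1][0] == 0x30:
            field = list(_children(elems[1][1]))
            if len(field) == 2 and field[0][1] == OID_PRIME_FIELD:
                p = int.from_bytes(field[1][1], "big")
                if p in KNOWN_PRIMES:                  # well-known curve re-encoded explicitly
                    return "explicit:matches-" + KNOWN_PRIMES[p]
        return "explicit:unknown-curve"
    return "unknown-tag-%02x" % tag


def ec_parameter_encodings(der):
    """Return a description for every id-ecPublicKey AlgorithmIdentifier found in DER."""
    found = []

    def walk(buf):
        for tag, value in _children(buf):
            if tag == 0x30:
                elems = list(_children(value))
                if len(elems) == 2 and elems[0] == (0x06, ID_EC_PUBLIC_KEY):
                    found.append(_describe_params(*elems[1]))
                    continue
            if tag in (0x30, 0x31) or 0xA0 <= tag <= 0xA3:   # SEQUENCE, SET, [0]..[3]
                walk(value)

    walk(der)
    return found


def is_suspicious(der):
    """True when any ECC key in the blob uses explicit curve parameters."""
    return any(d.startswith("explicit:") for d in ec_parameter_encodings(der))


# --- constructed samples (helper encoder; placeholder values, not real keys) ---
def _der(tag, body):
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def _spki(params_der, point):
    algid = _der(0x30, _der(0x06, ID_EC_PUBLIC_KEY) + params_der)
    return _der(0x30, algid + _der(0x03, b"\x00" + point))


FAKE_POINT = b"\x04" + bytes(range(64))                # placeholder, not a curve point
NAMED_SPKI = _spki(_der(0x06, OID_PRIME256V1), FAKE_POINT)
_explicit_params = _der(0x30,
    _der(0x02, b"\x01")                                                       # version
    + _der(0x30, _der(0x06, OID_PRIME_FIELD)
                 + _der(0x02, b"\x00" + P256_PRIME.to_bytes(32, "big")))      # fieldID: P-256 prime
    + _der(0x30, _der(0x04, b"\x00" * 32) + _der(0x04, b"\x00" * 32))         # curve a, b (placeholders)
    + _der(0x04, FAKE_POINT)                                                  # base point (attacker-chosen)
    + _der(0x02, b"\x01"))                                                    # order (placeholder)
EXPLICIT_SPKI = _spki(_explicit_params, FAKE_POINT)

if __name__ == "__main__":
    for name, blob in (("named", NAMED_SPKI), ("explicit", EXPLICIT_SPKI)):
        print(name, ec_parameter_encodings(blob), "suspicious" if is_suspicious(blob) else "ok")
```

A result of `explicit:matches-P-256` is exactly the shape the forged certificates take and warrants comparing the certificate's base point and public key against the genuine root; a `named:` result means the certificate does not use the vulnerable encoding at all. This is triage only: it does not verify signatures or chains, and the update's own check (rejecting parameters that do not match the named curve) remains the actual fix.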
Additional information: