29 Oct 2022

#cve_analysis

Write a blog analysis for a CVE

publish

Windows CryptoAPI Spoofing - Certificate Incorrect Validation - CVE-2020-0601

by @khurram.arif

29 Oct 2022

#cve_analysis

Write a blog analysis for a CVE

publish

Windows CryptoAPI Spoofing - Certificate Incorrect Validation - CVE-2020-0601

CVEs

CVE-2020-0601

8.1 High Severity

WindowsMicrosoft

XP Professional.SP2 X64

XP Professional.*

NT.*

2003 Server.SP2

2003 Server.SP2 X64

2003 Server.SP1 Itanium

2003 Server.*

2003 Server.SP2 Itanium

2003 Server.SP1

1903.*

Windows 10Microsoft

30H2.*

25H2.*

AMD6.*

8662.*

1002.*

ARM6.*

1003.*

1004.*

2601.*

2478.*

Windows Server 2016Microsoft

10.0.14393.8594.*

10.0.14393.8524.*

10.0.14393.8519.*

10.0.14393.8422.*

10.0.14393.8416.*

10.0.14393.8330.*

10.0.14393.8246.*

10.0.14393.8066.*

10.0.14393.8148.*

Windows Server 2019Microsoft

10.0.17763.8027.*

10.0.17763.7922.*

10.0.17763.7919.*

10.0.17763.7792.*

10.0.17763.7783.*

10.0.17763.7678.*

10.0.17763.7558.*

10.0.17763.7136.*

10.0.17763.7434.*

10.0.17763.7314.*

Apps

GOGolang

1.21.0-0.*

0.0.0-20201203163018-Be400aefbc4c.*

2018-07-13.*

2018-09-25.*

1.24.5.*

*.*

1.22.11.*

1.12.14.*

1.12.17.*

1.22.10.*

Screenshots from the blog posts

blog-posts/images/cl9u1m81hfr9q0llg6940djn3.jpg

Summary

Web browser security vulnerability - signature certificates using elliptic curve cryptography (ECC) is not correctly verified.

Description

Tags

#Microsoft #CVE-2020-0601 #vicarius_blog #CryptoAPI #webbrowser #certificate #certificatevalidation

@khurram.arif

11 posts

Total vcoins

remediate more CVEs with vRx

explore more

Comments (0)