Shulou(Shulou.com)05/31 Report--

This article is about how to carry out the Microsoft core encryption library vulnerability CVE-2020-0601 notice, the editor feels very practical, so share with you to learn, I hope you can learn something after reading this article, say no more, let's take a look at it with the editor.

Document information number QianxinTI-SV-2020-0001 keyword CRYPT32.DLL cryptographic CVE-2020-0601 release date January 15, 2020 update date January 15, 2020 TLPWHITE analysis team Qianxin threat Intelligence Center Red Raindrop team announcement background

On January 15, 2020, Microsoft routinely released a list of patch updates for January, in which there was a vulnerability related to CryptoAPI.dll elliptic curve cryptography (ECC) certificate detection bypass, followed by a vulnerability warning notice issued by NSA in the United States, which showed that the vulnerability was independently discovered by NSA and reported to Microsoft. This is rare for NSA, which specializes in exploiting Microsoft vulnerabilities, such as the Eternal Blue series.

Attackers can attack by constructing malicious signature certificates and signing malicious files. In addition, because ECC certificates are also widely used in communication encryption, attackers can successfully use this vulnerability to achieve the corresponding man-in-the-middle attack.

The Red Raindrop team of Qianxin threat Intelligence Center immediately followed up on the vulnerability. It is worth noting that the Windows version of the ECC key certificate with specified parameters will be affected, while this mechanism, first introduced by WIN10, affects the WIN10,Windows Server2016/2019 version, while WIN7/Windows Server 2008, which stopped security maintenance on January 14 this year, is not affected because it does not support ECC keys with parameters.

Vulnerability summary

Vulnerability description

The vulnerability lies in CryptoAPI.dll and can be used to bypass Elliptic Curve Cryptography (ECC) certificate detection.

Impact area assessment

The Red Raindrop team of Qianxin threat Intelligence Center immediately followed up on the vulnerability. It is worth noting that the Windows version of the ECC key certificate with specified parameters will be affected, and this mechanism, first introduced by WIN10, affects the WIN10,Windows Server 2016 / 2019 version. WIN7/Windows Server 2008, which stopped security maintenance on January 14 this year, is not affected because it does not support ECC keys with parameters. However, the center still recommends that users update the WIN7/ Windows Server2008 system to the latest WIN10 system or a version later than Windows Server 2016, and update the relevant security patches.

Disposal suggested repair method

1. At present, the software manufacturer Microsoft has released the corresponding patch for the vulnerability, and Qianxin threat Intelligence Center recommends related upgrades.

Https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

The above is how to carry out the announcement of Microsoft core encryption library vulnerability CVE-2020-0601, the editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.