Windows CryptoAPI has a serious security vulnerability Microsoft recommends users upgrade as soon as possible

During patch Tuesday on January 14, Microsoft fixed a serious high-risk security vulnerability that exists on all supported Windows systems. The vulnerability was discovered and disclosed to Microsoft by the U.S. National Security Agency (NSA) under the vulnerability number CVE-2020-0601.

Windows CryptoAPI has a serious security vulnerability Microsoft recommends users upgrade as soon as possible

In its latest announcement, Microsoft acknowledged the high-risk impact of CVE-2020-0601 and said there was a spoofing vulnerability in the way Windows CryptoAPI (Crypt32.dll) was used to verify elliptic curve cryptography (ECC) certificates. Hackers can exploit this vulnerability to sign arbitrary malicious executables, masquerading as trusted legitimate sources. “Successful exploitation of this vulnerability could also allow an attacker to carry out a man-in-the-middle attack and decrypt confidential information,” Microsoft said. The user’s connection to the affected software. “

ECC elliptical curve cryptography is an algorithm for building public key encryption, based on elliptic curve mathematics, which was independently proposed by Neal Koblitz and Victor Miller in 1985. The main advantage of ECC is that in some cases smaller keys, such as RSA encryption algorithms, are used in other ways to provide a fair or higher level of security.

The principle of ECC elliptic curve encryption lies in: set G as a point on the curve, d is an integer command point Q , d.G, if given d and G, it is easy to find Q, if given G and Q, it is difficult to find d. Where Q is the public key and d is the private key.

The CVE-2020-0601 vulnerability principle is that win10 adds support for eCC keys with parameters, but when doing signature verification in crypt32.dll, only the matching public key Q is checked, not the generated metag. The public key Q is dG, and d is the private key. Because win10 supports custom build metag’, an attacker can provide G’ s Q, d’ s e (unit meta), making the public key Q s dG s d’G’. The public key Q is the same in these two pairs (Q, G) – (Q, G’) and, unlike G’, only the public key Q is detected due to a validation defect. Thus, the attacker uses his own private key d’ signature, which is verified and is considered to be the signature of the official private key d.

Windows CryptoAPI has a serious security vulnerability Microsoft recommends users upgrade as soon as possible

Impact version

Microsoft Windows 10 Version 1607 for 32-bit Systems

Microsoft Windows 10 Version 1607 for x64-based Systems

Microsoft Windows 10 Version 1709 for ARM64-based Systems

Microsoft Windows 10 Version 1803 for 32-bit Systems

Microsoft Windows 10 Version 1803 for ARM64-based Systems

Microsoft Windows 10 Version 1803 for x64-based Systems

Microsoft Windows 10 Version 1809 for 32-bit Systems

Microsoft Windows 10 Version 1809 for ARM64-based Systems

Microsoft Windows 10 Version 1809 for x64-based Systems

Microsoft Windows 10 Version 1903 for 32-bit Systems

Microsoft Windows 10 Version 1903 for ARM64-based Systems

Microsoft Windows 10 Version 1903 for x64-based Systems

Microsoft Windows 10 Version 1909 for 32-bit Systems

Microsoft Windows 10 Version 1909 for ARM64-based Systems

Microsoft Windows 10 Version 1909 for x64-based Systems

Microsoft Windows 10 for 32-bit Systems

Microsoft Windows 10 for x64-based Systems

Microsoft Windows 10 version 1709 for 32-bit Systems

Microsoft Windows 10 version 1709 for x64-based Systems

Microsoft Windows Server 1803

Microsoft Windows Server 1903

Microsoft Windows Server 1909

Microsoft Windows Server 2016

Microsoft Windows Server 2019

Safety advice

It is recommended that the patch update released in January 2020 be installed as soon as possible to effectively mitigate this vulnerability on Windows 10 and Windows Server 2016/2019 systems.