CVE-2020-0601
Known Exploited (CISA KEV)HIGH
8.1
CVSS Severity Score
Vulnerability Description
A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Affected Platforms (CPE)
💻
Microsoft
Windows 10 1507
All versions💻
Microsoft
Windows 10 1507
All versions💻
Microsoft
Windows 10 1607
All versions💻
Microsoft
Windows 10 1607
All versions💻
Microsoft
Windows 10 1709
All versions💻
Microsoft
Windows 10 1709
All versions💻
Microsoft
Windows 10 1709
All versions💻
Microsoft
Windows 10 1803
All versions💻
Microsoft
Windows 10 1803
All versions💻
Microsoft
Windows 10 1803
All versions💻
Microsoft
Windows 10 1809
All versions💻
Microsoft
Windows 10 1809
All versions💻
Microsoft
Windows 10 1809
All versions💻
Microsoft
Windows 10 1903
All versions💻
Microsoft
Windows 10 1903
All versions💻
Microsoft
Windows 10 1903
All versions💻
Microsoft
Windows 10 1909
All versions💻
Microsoft
Windows 10 1909
All versions💻
Microsoft
Windows 10 1909
All versions💻
Microsoft
Windows Server 1803
All versions💻
Microsoft
Windows Server 1903
All versions💻
Microsoft
Windows Server 1909
All versions💻
Microsoft
Windows Server 2016
All versions💻
Microsoft
Windows Server 2019
All versions📦
Golang
Go
>= 1.12 and < 1.12.16📦
Golang