ISN 2020-02: Windows CryptoAPI Spoofing Vulnerability

Announced 24 February 2020

Score: High

A high-scoring security issue affects IGEL Windows 10 IoT.

Details

A vulnerability has been discovered in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates (CVE-2020-0601). An attacker could exploit this to sign a malware executable with a spoofed certificate so that it will look legitimate to Windows. This vulnerability is also known as “Curve Ball” or “Chain of Fools”.
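As a defensive check for the issue described above (an added example, not part of IGEL's advisory): public detection guidance for CVE-2020-0601 treats ECC certificates that carry explicitly specified curve parameters, rather than a named-curve OID, as worth reviewing. The Python code below walks DER data and reports which form each EC key uses; the function names and the sample byte strings are constructed for illustration.

```python
# id-ecPublicKey (1.2.840.10045.2.1) as a DER-encoded OID, tag and length included
EC_PUBKEY_OID = bytes.fromhex("06072a8648ce3d0201")
# First tag of the AlgorithmIdentifier parameters (RFC 5480 ECParameters CHOICE)
FORMS = {0x06: "named", 0x30: "explicit", 0x05: "implicit"}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def ec_parameter_forms(der):
    """List the curve-parameter form of every EC AlgorithmIdentifier in der."""
    found = []
    def walk(start, end):
        pos = start
        while pos < end:
            tag, vs, ve = read_tlv(der, pos)
            if ve > end:
                raise ValueError("child element overruns its parent")
            if tag & 0x20:  # constructed element: inspect it, then descend
                oid_end = vs + len(EC_PUBKEY_OID)
                if tag == 0x30 and oid_end <= ve and der[vs:oid_end] == EC_PUBKEY_OID:
                    found.append(FORMS.get(der[oid_end], "unknown") if oid_end < ve else "absent")
                walk(vs, ve)
            pos = ve
    walk(0, len(der))
    return found

# Constructed samples: SubjectPublicKeyInfo-shaped stubs, not real keys or curves.
NAMED_SPKI = bytes.fromhex("3019" "3013" "06072a8648ce3d0201" "06082a8648ce3d030107" "03020004")
EXPLICIT_SPKI = bytes.fromhex("3014" "300e" "06072a8648ce3d0201" "3003020101" "03020004")

if __name__ == "__main__":
    for name, blob in (("named", NAMED_SPKI), ("explicit", EXPLICIT_SPKI)):
        forms = ec_parameter_forms(blob)
        print(name, forms, "REVIEW" if "explicit" in forms else "ok")
```

The same function accepts a full DER-encoded certificate, since the SubjectPublicKeyInfo sits inside nested constructed elements; PEM input has to be base64-decoded first.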

Update Instructions

  • Update to IGEL Windows 10 IoT version 4.04.140 or newer.

References

NVD - CVE-2020-0601 Detail: https://nvd.nist.gov/vuln/detail/CVE-2020-0601
