Announced 24 February 2020
A high scoring security issue affects IGEL Windows 10 IoT
A vulnerability has been discovered in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates (CVE-2020-0601). An attacker could exploit this to sign a malware executable with a spoofed certificate so that it will look legitimate to Windows. This vulnerability is also known as “Curve Ball” or “Chain of Fools”.
- Update to IGEL Windows 10 IoT version 4.04.140 or newer.
NVD - CVE-2020-0601 Detail: https://nvd.nist.gov/vuln/detail/CVE-2020-0601