Download page ISN 2020-02: Windows CryptoAPI Spoofing Vulnerability.
ISN 2020-02: Windows CryptoAPI Spoofing Vulnerability
Announced 24 February 2020
Score: High
A high scoring security issue affects IGEL Windows 10 IoT
Details
A vulnerability has been discovered in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates (CVE-2020-0601). An attacker could exploit this to sign a malware executable with a spoofed certificate so that it will look legitimate to Windows. This vulnerability is also known as “Curve Ball” or “Chain of Fools”.
Update Instructions
Update to IGEL Windows 10 IoT version 4.04.140 or newer.