CVE-2020-0601, Are You Vulnerable? – IT Security Guru

What is it?

A man-in-the-middle/spoofing vulnerability exists in Windows 10 and Windows Server 2016/2019. When an authenticated attacker is on the target system, they can use a spoofed code-signing certificate to sign malicious executables, making the file appear as if it’s from a trusted source. This vulnerability is post-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could conduct man-in-the-middle attacks and decrypt encrypted traffic, such as traffic sent over HTTPS. To exploit this vulnerability, an attacker would need to be authenticated to the device.

Should I be worried? 
You may be vulnerable if you have unpatched Windows machines running Windows 10 or Windows Server 2016/2019.

What do I need to do?

Currently, there is no safe PoC for testing assets. Once a PoC is developed or becomes available in the wild, Edgescan clients will be notified as soon as possible if they are vulnerable.

You should also check your patching for Windows 10 or Windows Server 2016/2019 as per the Microsoft advisory:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

The CVE advisory is here:

https://nvd.nist.gov/vuln/detail/CVE-2020-0601

The NSA advisory is here:

https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF

This content was originally published by edgescan: https://www.edgescan.com/cve-2020-0601-security-advice-from-edgescan?utm_content=112591434&utm_medium=social&utm_source=linkedin&hss_channel=lcp-2928425