← ExploitWatch
HomeExploited Vulnerabilities

CVE-2020-0601 — Actively Exploited: Windows (Microsoft)

Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legiti

CVE IDCVE-2020-0601
VendorMicrosoft
ProductWindows
Vulnerability nameMicrosoft Windows CryptoAPI Spoofing Vulnerability
Date added2021-11-03
Remediation due2022-05-03
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionMicrosoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-i
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →