On January 14, 2020, the NSA and Microsoft disclosed a critical vulnerability in Microsoft’s CryptoAPI DLL, also known as crypt32.dll. This is a component in Windows used by the operating system and many Microsoft applications, including its web browsers. This flaw, CVE-2020-0601, was one of 50 fixed in Microsoft’s January 2020 Patch Tuesday release.
The affected component, crypt32.dll, improperly validates Elliptic Curve Cryptography certificates. Attackers could exploit this bug to do several things:
- Spoof a code-signing certificate and secretly sign a file, making that file appear as if it is from a trusted source
- Conduct man-in-the-middle attacks and decrypt confidential information
- Spoof a digital certificate used to log on to systems using public key infrastructure, such as two-factor smartcard authorization used by government agencies
This vulnerability affects all builds of Windows 10 and Windows Server 2016, including Microsoft’s web browsers, Internet Explorer and Edge. The vulnerability received a great deal of speculation and publicity prior to its release.
Microsoft’s write up was fairly vague, and Microsoft only rated it as Important. Depending on the use case, this could underestimate the potential impact. Google’s Tavis Ormandy confirmed the vulnerability affects anything using X.509, including TLS, code signing, digital certificates, and public key infrastructure.
The NSA was quick to caution the problem was not with PKI or cryptography as a whole, just a single implementation requiring a bug fix.
The Microsoft rating of Important has caused some organizations to downplay its importance. Organizations requiring PKI for two-factor single sign on would rate this much higher. For most organizations, deepwatch recommends ensuring this month’s updates go through your standard testing and deployment process. Getting the update deployed correctly is more important than getting it deployed quickly.
At present there are no known exploits for this vulnerability, which reduces the need to rush.
The only fully effective mitigation is to apply Microsoft’s January 2020 Patch Tuesday bundle. Fake patches specific to CVE-2020-0601 are already circulating, so be sure to use Microsoft’s official updates. The NSA stated some partial mitigations exist but stressed they are not effective.
Qualys has released QID 91595 and Tenable has released six plugins, 132857-132862, to detect CVE-2020-0601. You can conduct a scan using the specific QID or Plugin IDs, or use standard full vulnerability scan.
If you are a Vulnerability Management customer with deepwatch, please contact your Vulnerability Management SME in order to arrange a scan and identify any vulnerable systems. The Vulnerability Management SME will assist in developing a mitigation strategy and notify you when identifications are officially released.
Soon after the publication of this report, two proof of concept attacks against this Microsoft CryptoAPI flaw, which some researchers are calling Curveball, appeared. The quick appearance of this code suggests the attack is simpler to exploit than it first appeared and raises the urgency. However, this flaw remains a larger problem for government entities than for the private sector. This flaw is also a bigger problem for workstations and external web servers running IIS than for internal servers, as one of the major problems, the breaking of TLS, is a bigger problem for systems that will be accessing the Internet.
Dave Farquhar, Vulnerability Management Program Manager
Britton Grim, Vulnerability Management Program Manager