PoC Exploits Released for Crypto Vulnerability Found by NSA
Several proof-of-concept exploits have already been created - and some of them have been made public - for CVE-2020-0601, the crypto-related Windows vulnerability that Microsoft patched recently after being notified by the U.S. National Security Agency.
Currently, there is no evidence that the vulnerability has been exploited in attacks, but PoC exploits have been created for CVE-2020-0601 much faster than many had anticipated.
One of the first researchers to announce successfully creating an exploit was Saleem Rashid, who published a couple of screenshots apparently showing the vulnerability being used to forge TLS certificates.
While some researchers have yet to make their PoC exploits public, others have done so.
Kudelski Security has argued that it decided to make its PoC public because script kiddies and most cybercriminals do not have the knowledge and resources required to exploit the vulnerability.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-01-14 | CVE-2020-0601 | Improper Certificate Validation vulnerability in multiple products. A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. | 8.1 |