One way an attacker could exploit this vulnerability is by signing malicious code so that it appears to come from a legitimate source. The user would then have no way of knowing that the file was in fact malicious, because the digital signature would appear to chain up to a recognized certification authority.
Any software that depends on the CertGetCertificateChain() function of this library to verify that a certificate chains to a recognized authority could then fail to do so correctly and be misled about the authenticity of the certificate chain.
The library affected by this flaw (crypt32.dll) was introduced by Microsoft about twenty years ago (with Windows NT 4.0). However, older versions of Windows are not affected because they natively reject certificates that specify explicit elliptic curve parameters.
To fix CVE-2020-0601, you need to update your operating system with the latest security patches available from the Microsoft website.
To do this, it is advisable to force the update by typing “update” in the search bar and selecting “search for new updates”. The system will then automatically search for the latest updates and install them if necessary.
TEHTRIS EDR includes a new capability to detect exploitation attempts against the CVE-2020-0601 vulnerability through extensive analysis of software signatures and sophisticated cryptographic validation, in order to determine when a binary has been built to abuse the flaw.
At the time of this writing, this is the very first EDR (Endpoint Detection and Response) in the world with such an option, since it also makes it possible to find the attack on unpatched Windows systems with no recent update and the old vulnerable version of CRYPT32.DLL.
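A defender-side check in the spirit of the signature analysis described above, added here as an example that is neither TEHTRIS nor Microsoft code: it parses a certificate's SubjectPublicKeyInfo and flags EC keys that carry explicit curve parameters, the construct the flaw hinges on. The DER encoder, the OID constants and the three sample structures are constructed for this example, and the dummy key material is not a real key.

```python
# Added example (not TEHTRIS or Microsoft code): classify the EC parameters
# in a DER-encoded SubjectPublicKeyInfo so a defender can flag certificates
# that carry explicit curve parameters, the construct CVE-2020-0601 abuses.
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")  # OID 1.2.840.10045.2.1
SECP256R1 = bytes.fromhex("2a8648ce3d030107")       # OID 1.2.840.10045.3.1.7

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def ec_parameter_kind(spki_der):
    """'named', 'explicit' or 'implicit' for an EC key; None if not EC."""
    _, spki, _ = read_tlv(spki_der, 0)                  # SubjectPublicKeyInfo
    _, alg_id, _ = read_tlv(spki, 0)                    # AlgorithmIdentifier
    tag, oid, pos = read_tlv(alg_id, 0)                 # algorithm OID
    if tag != 0x06 or oid != ID_EC_PUBLIC_KEY:
        return None
    if pos >= len(alg_id):                              # parameters absent
        return "implicit"
    tag, _, _ = read_tlv(alg_id, pos)                   # ECParameters CHOICE
    return {0x06: "named", 0x30: "explicit", 0x05: "implicit"}.get(tag, "unknown")

def suspicious(spki_der):
    """True when the key uses explicit parameters (flag for investigation)."""
    return ec_parameter_kind(spki_der) == "explicit"

# --- constructed sample input (dummy values, not real keys or certificates) ---
def der(tag, body):
    """Minimal DER encoder (short and long-form lengths)."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

FAKE_POINT = der(0x03, b"\x00\x04" + b"\x11" * 64)     # BIT STRING, dummy point
NAMED_SPKI = der(0x30, der(0x30, der(0x06, ID_EC_PUBLIC_KEY)
                              + der(0x06, SECP256R1)) + FAKE_POINT)
# Explicit ECParameters abbreviated to its version field; enough for the tag check.
EXPLICIT_SPKI = der(0x30, der(0x30, der(0x06, ID_EC_PUBLIC_KEY)
                                 + der(0x30, der(0x02, b"\x01"))) + FAKE_POINT)
RSA_SPKI = der(0x30, der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101"))
                            + der(0x05, b"")) + der(0x03, b"\x00" + b"\x22" * 10))

if __name__ == "__main__":
    for name, spki in [("named", NAMED_SPKI), ("explicit", EXPLICIT_SPKI), ("rsa", RSA_SPKI)]:
        print(name, ec_parameter_kind(spki), "FLAG" if suspicious(spki) else "ok")
```

On a real system the SPKI bytes would be taken from the leaf and intermediate certificates of an Authenticode signature; an explicit-parameter EC key in that chain is a strong reason to inspect the binary further.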
This feature offers several possibilities to TEHTRIS EDR users worldwide: