CVE-2020-0601 is a Dangerous Windows Exploit Revealed by the NSA



On January 1, 2020, Microsoft released a group of patches that fixed a collection of exploits. [1] The main exploit was CVE-2020-0601 [2] which Microsoft was made aware of by the National Security Agency (NSA).

What Does CVE-2020-0601 Do?

According to Neal Ziring, Technical Director at NSA Cybersecurity Directorate

CVE-2020-0601 is a serious vulnerability, because it can be exploited to undermine Public Key Infrastructure (PKI) trust. PKI is a set of mechanisms that home users, businesses, and governments rely upon in a wide variety of ways. The vulnerability permits an attacker to craft PKI certificates to spoof trusted identifies, such as individuals, web sites, software companies, service providers, or others. Using a forged certificate, the attacker can (under certain conditions) gain the trust of users or services on vulnerable systems, and leverage that trust to compromise them. [3]

People can say they are someone else, and the Windows authentication won’t be able to tell if they are faking.

Who Does This Exploit Affect?

It affects the Windows operating system. The NSA said

The vulnerability affects Windows 10 and Windows Server 2016/2019 as well
as applications that rely on Windows for trust functionality.

Can It Still Affect Me?

Mr. Ziring also stated

The patch is the only comprehensive means to mitigate the riskWhile means exist to detect or prevent some forms of exploitation, none of them are complete or fully reliable.

As long as your Windows software is up to date, it shouldn’t.


  1. ^Security TechCenter, 27 Jan. 2020. “January 2020 Security Updates.” (go back↩)
  2. ^Security TechCenter, 27 Jan. 2020.”CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability.(go back↩)
  3. ^National Security Agency | Central Security Service, 27 Jan. 2020.”A Very Important Patch Tuesday.(go back↩)

Leave a Reply