The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer. All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. The owner will not be liable for any errors or omissions in this information nor for the availability of this information. The owner will not be liable for any losses, injuries, or damages from the display or use of this information. This policy is subject to change at any time. The owner is not an attorney, and nothing posted on this site should be construed as legal advice. Litigation Support Tip of the Night does not provide confirmation that any e-discovery technique or conduct is compliant with legal, regulatory, contractual or ethical requirements.
Featured on the ACEDS blog.
Follow me on Twitter and see How-To Videos on my YouTube channel.
New tips for paralegals and litigation support profesionals are posted to this site each night. Click on the blog headings for better detail.
CVE-2020-0601 Vulnerability Lets Windows Install Malware
January 24, 2020
Windows uses a document link library, Crypt32.dll, to keep track of trusted certificate authorities. There's a flaw in the .dll (which Microsoft recently posted a patch for) which allows it to incorrectly approve malicious software and web sites. The vulnerability is named CVE-2020-0601. Windows updates are not vulnerable to a CVE-2020-0601 attack, so there's no danger in updating your operating system with files that have been incorrectly authorized.
This is the first time that the National Security Agency has made a Windows vulnerability public. The United States government follows a Vulnerabilities Equities Process in determining whether or not to disclose computer security flaws to the public.
Information about CVE-2020-0601 is posted in the National Vulnerability Database. NIST assigned the vulnerability a common vulnerability scoring system score of 8.1 on a scale of 10.