top of page

CVE-2020-0601 Vulnerability Lets Windows Install Malware


Windows uses a document link library, Crypt32.dll, to keep track of trusted certificate authorities. There's a flaw in the .dll (which Microsoft recently posted a patch for) which allows it to incorrectly approve malicious software and web sites. The vulnerability is named CVE-2020-0601. Windows updates are not vulnerable to a CVE-2020-0601 attack, so there's no danger in updating your operating system with files that have been incorrectly authorized.

This is the first time that the National Security Agency has made a Windows vulnerability public. The United States government follows a Vulnerabilities Equities Process in determining whether or not to disclose computer security flaws to the public.

Information about CVE-2020-0601 is posted in the National Vulnerability Database. NIST assigned the vulnerability a common vulnerability scoring system score of 8.1 on a scale of 10.


Sean O'Shea has more than 20 years of experience in the litigation support field with major law firms in New York and San Francisco.   He is an ACEDS Certified eDiscovery Specialist and a Relativity Certified Administrator.

​

The views expressed in this blog are those of the owner and do not reflect the views or opinions of the owner’s employer.

​

If you have a question or comment about this blog, please make a submission using the form to the right. 

Your details were sent successfully!

© 2015 by Sean O'Shea . Proudly created with Wix.com

bottom of page