CVE-2020-0601 Vulnerability Lets Windows Install Malware

CVE-2020-0601 Vulnerability Lets Windows Install Malware

January 24, 2020

Windows uses a document link library, Crypt32.dll, to keep track of trusted certificate authorities.  There's a flaw in the .dll (which Microsoft recently posted a patch for) which allows it to incorrectly approve malicious software and web sites.  The vulnerability is named CVE-2020-0601.   Windows updates are not vulnerable to a CVE-2020-0601 attack, so there's no danger in updating your operating system with files that have been incorrectly authorized. 


This is the first time that the National Security Agency has made a Windows vulnerability public.  The United States government follows a Vulnerabilities Equities Process in determining whether or not to disclose computer security flaws to the public.  


Information about CVE-2020-0601 is posted in the National Vulnerability Database.  NIST assigned the vulnerability a common vulnerability scoring system score of 8.1 on a scale of 10. 







Please reload

Contact Me With Your Litigation Support Questions:

  • Twitter Long Shadow

© 2015 by Sean O'Shea . Proudly created with