- Description
- A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
- Source
- secure@microsoft.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5.8
- Impact score
- 4.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:N
Data from CISA
- Vulnerability name
- Microsoft Windows CryptoAPI Spoofing Vulnerability
- Exploit added on
- Nov 3, 2021
- Exploit action due
- Jan 29, 2020
- Required action
- Apply updates per vendor instructions.
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "A045AC0A-471E-444C-B3B0-4CABC23E8CFB"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:-:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "28A7FEE9-B473-48A0-B0ED-A5CC1E44194C"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "5E491E46-1917-41FE-8F9A-BB0BDDEB42C3"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:-:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "0A1BC97A-263E-4291-8AEF-02EE4E6031E9"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "555C22C7-356D-4DA7-8CED-DA7423BBC6CF"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "469F95D3-ABBB-4F1A-A000-BE0F6BD60FF6"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1709:-:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "D76003FB-EE99-4D8E-B6A0-B13C2041E5A0"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "40151476-C0FD-4336-8194-039E8827B7C8"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "D82F8AF7-ED01-4649-849E-F248F0E02384"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1803:-:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "C1CFB53B-B17B-47BD-BAC1-C6C5D168FFB6"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "251E413C-68F6-43C6-975C-C0B6AD4D36DD"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "4C3391B0-C6A6-4F6F-AC1B-AD0927C2C986"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "112871CE-B37B-454E-AC10-A285D92CCE0E"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "9E1ED169-6F03-4BD5-B227-5FA54DB40AD7"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "5C5B5180-1E12-45C2-8275-B9E528955307"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1903:-:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "B6A0DB01-49CB-4445-AFE8-57C2186857BA"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:arm64:*",
"vulnerable": true,
"matchCriteriaId": "9285A9B5-4759-43E7-9589-CDBCA7100605"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:x64:*",
"vulnerable": true,
"matchCriteriaId": "0D77EA14-F61D-4B9E-A385-70B88C482116"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_10_1909:-:*:*:*:*:*:x86:*",
"vulnerable": true,
"matchCriteriaId": "1A6FC9EE-D486-4AFE-A20E-4278468A1779"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_1803:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "37097C39-D588-4018-B94D-5EB87B1E3D5A"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_1903:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "530DF8C9-467C-4F4F-9FCA-CDD934BADF3C"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_1909:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "ADE7E7B1-64AC-4986-A50B-0918A42C05BB"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "041FF8BA-0B12-4A1F-B4BF-9C4F33B7C1E7"
},
{
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "DB79EE26-FC32-417D-A49C-A1A63165A968"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA6E96C9-FEC1-4174-AB7D-783DF8EC2097",
"versionEndExcluding": "1.12.16",
"versionStartIncluding": "1.12"
},
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9C8D6C09-AF12-4600-9C21-4F7A46CC78D8",
"versionEndExcluding": "1.13.7",
"versionStartIncluding": "1.13"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]