Published: 14/01/2020 | Updated: 16/01/2020
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

A vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. The vulnerability affects Microsoft Windows® cryptographic functionality. The certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution. The vulnerability affects Windows 10 and Windows Server 2016/2019 as well as applications that rely on Windows for trust functionality. Exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities.

Affected Products

Vendor | Product | Versions
Microsoft | Windows 10 | -, 1607, 1709, 1803, 1809, 1903, 1909
Microsoft | Windows Server 2016 | -, 1803, 1903, 1909
Microsoft | Windows Server 2019 | -