⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2022-05-03. Required action: Apply updates per vendor instructions.

CVE-2020-0601: Improper Certificate Validation in Microsoft Windows

Severity: 8.1 HIGH (NVD)
EPSS: 94.1% (top 0.09%)
CISA KEV: added 2021-11-03, due 2022-05-03
Exploit: exploited in the wild; active exploitation observed
Timeline
Published: Jan 14, 2020
KEV added: Nov 3, 2021
KEV due: May 3, 2022
Latest update: Mar 26, 2026
CISA Required Action: Apply updates per vendor instructions.

Description

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear that the file came from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Exploitability: 2.8 | Impact: 5.2

Affected Packages (9 packages)

Patches

🔴 Vulnerability Details (6)

GHSA: Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) (2026-03-26)
OSV: Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) (2026-03-26)
OSV: Certificate validation bypass on Windows in crypto/x509 (2022-08-01)
GHSA: GHSA-82jc-cv6x-r223: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32 (2022-05-24)
CVEList: CVE-2020-0601: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32 (2020-01-14)

💥 Exploits & PoCs (1)

Exploit-DB: Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate (2020-01-15)

🔍 Detection Rules (2)

Sigma: Audit CVE Event
Elastic: Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601 - CurveBall)

📋 Vendor Advisories (3)

CISA: Microsoft Windows CryptoAPI Spoofing Vulnerability (2021-11-03)
Chrome: Stable Channel Update for Desktop: CVE-2020-6380 (2020-01-16)
Microsoft: Windows CryptoAPI Spoofing Vulnerability (2020-01-14)

🕵️ Threat Intelligence (56)

Bleepingcomputer: Privilege elevation exploits used in over 50% of insider attacks (2023-12-08)
Qualys: Part 2: An In-Depth Look at the Latest Vulnerability Threat Landscape (Attackers' Edition) (2023-07-18)
Qualys: Managing CISA Known Exploited Vulnerabilities with Qualys VMDR | Qualys (2022-02-23)
Qualys: Qualys Response to CISA Alert: Binding Operational Directive 22-01 (2021-11-09)
Qualys: Qualys Response to CISA Alert: Binding Operational Directive 22-01 | Qualys (2021-11-09)

📐 Framework References (1)

CAPEC: Signature Spoofing by Improper Validation

📄 Research Papers (4)

arXiv: TELSAFE: Security Gap Quantitative Risk Assessment Framework (2025-07-09)
arXiv: Do Chase Your Tail! Missing Key Aspects Augmentation in Textual Vulnerability Descriptions of Long-tail Software through Feature Inference (2024-12-15)
arXiv: Microservice Vulnerability Analysis: A Literature Review with Empirical Insights (2024-07-31)
arXiv: Crimson: Empowering Strategic Reasoning in Cybersecurity through Large Language Models (2024-03-01)
CVE-2020-0601 — Improper Certificate Validation | cvebase