{"vulnerability": "cve-2020-0601", "sightings": [{"uuid": "f1b8a673-e40d-464a-be28-bcb2bbcecc82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "MISP/42d04e94-bf5b-427d-acc8-f5d740675941", "content": "", "creation_timestamp": "2020-10-20T15:57:21.000000Z"}, {"uuid": "6a278f42-54d0-40db-b08b-db112e6e20bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "MISP/5f850411-c103-491f-abff-9421425403cf", "content": "", "creation_timestamp": "2020-10-21T08:19:09.000000Z"}, {"uuid": "61554a4e-cfb2-46e1-9969-aed4ff0b43d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "6999c636-4a95-4205-88ba-c367944afbe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:19.000000Z"}, {"uuid": "03639e06-195e-48c8-b184-ba0935deac0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "MISP/d925a2ee-e7cf-46f6-bec1-ad8e19122730", "content": "", "creation_timestamp": "2020-10-20T15:58:04.000000Z"}, {"uuid": "4153ab19-ed90-4a47-9d68-58730f35212d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": 
"https://msrc.microsoft.com/blog/2020/01/january-2020-security-updates-cve-2020-0601/", "content": "", "creation_timestamp": "2020-01-14T07:00:00.000000Z"}, {"uuid": "add618a9-5bc2-4625-9963-b8c5b2831177", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2970980", "content": "", "creation_timestamp": "2024-12-24T20:22:36.463094Z"}, {"uuid": "2299ad8d-70ad-49d2-993b-ffbceb0934a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://gist.github.com/tradebot-elastic/0443cfb5016bed103f1940b2f336e45a", "content": "", "creation_timestamp": "2025-01-09T15:31:50.000000Z"}, {"uuid": "f8ad2674-bed8-41d3-a7f9-81c509f3f670", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/tuxpanik.bsky.social/post/3lgvfhoorgw2o", "content": "", "creation_timestamp": "2025-01-29T16:32:34.478818Z"}, {"uuid": "28f4d145-0671-4256-a16f-765f734f3c0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:44.000000Z"}, {"uuid": "ce6c377b-5633-443d-90ec-2046e9ccd50d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://gist.github.com/secdev02/835ba9d8b6c7a2dcb61bf84f9d1cb549", "content": "", "creation_timestamp": "2025-11-20T00:05:35.000000Z"}, {"uuid": 
"6f27b14b-a19f-4223-bb4a-a73465a843be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:00.000000Z"}, {"uuid": "17885f27-7d2b-401f-a188-d9f9ea694506", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m7tmwrxxad2c", "content": "", "creation_timestamp": "2025-12-13T03:10:48.995576Z"}, {"uuid": "4172af2c-eded-4eb1-9175-ba3aa298aed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://gist.github.com/Metis-Intel/b94dbfe682c0d50d18e127d4891208cb", "content": "", "creation_timestamp": "2025-12-16T03:39:35.000000Z"}, {"uuid": "a4576de5-b05e-4743-ba8f-be00af49837f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=445", "content": "", "creation_timestamp": "2020-01-15T04:00:00.000000Z"}, {"uuid": "54e66819-7677-4d82-b8f3-d27fa6bded4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-0601", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/00f1230b-e4ab-4a57-82b6-37ca92fc5626", "content": "", "creation_timestamp": "2026-02-02T12:28:56.989526Z"}, {"uuid": "cafce56c-39a4-4ff9-baea-697ea18f435c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/filippo.abyssdomain.expert/post/3mjklsutb6s2j", "content": "", "creation_timestamp": "2026-04-15T19:08:43.663506Z"}, {"uuid": "69ecacf6-8dc4-460e-b073-3811df8670a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjleh5vimz25", "content": "", "creation_timestamp": "2026-04-16T02:29:33.060174Z"}, {"uuid": "f91cc92f-f78d-4775-977d-b0ca04c55c21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjnuvsllad2g", "content": "", "creation_timestamp": "2026-04-17T02:29:23.969488Z"}, {"uuid": "afb0da25-185e-48f9-9eaa-7ec5477c2df5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjqfe77gah2r", "content": "", "creation_timestamp": "2026-04-18T02:29:07.190601Z"}, {"uuid": "1076dc5e-630c-49ea-b446-bbd585ce5419", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjsvtyenpn2x", "content": "", "creation_timestamp": "2026-04-19T02:29:35.201608Z"}, {"uuid": "e1f6d0d2-554d-4fc1-bdf9-ed61a279b9e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjvgdclzwg2x", 
"content": "", "creation_timestamp": "2026-04-20T02:29:48.704964Z"}, 
{"uuid": "3e2cbfcb-33f4-40ab-aca4-444ae7b0b77b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjxwrhgkau2x", "content": "", "creation_timestamp": "2026-04-21T02:29:22.655340Z"}, 
{"uuid": "313c9b9e-8bb1-4b58-9ceb-b67169b262ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mk2ha7xm7v2g", "content": "", "creation_timestamp": "2026-04-22T02:29:17.644232Z"}, 
{"uuid": "3a56227e-a841-4e6f-a167-12fb3338ff08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/antichat/7637", "content": "An unpatched Crypt32.dll can do harm: bypassing the ECC cryptography method in use can make it possible to install software signed with an untrusted certificate, and so on.\n\nThe vulnerability was reported by the NSA (see attachment), which is why it (the vulnerability) was named NSACrypt :)\n\nDetails from the vendor:\n\nhttps://msrc-blog.microsoft.com/2020/01/14/january-2020-security-updates-cve-2020-0601/\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0601", "creation_timestamp": "2020-01-15T06:57:47.000000Z"}, 
{"uuid": "3e10493a-115c-4cd1-a7e7-e9558cf9541a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/antichat/7636", "content": "Patch Tuesday is here, but it all turned out to be not as bad as it first seemed. The vulnerability was discovered by NSA specialists, who reported it to Microsoft. The vulnerability can allow attackers to imitate the digital signatures of applications, which would make it possible to run malicious applications disguised as legitimate ones. The vulnerability is rated \"important\", not \"critical\", and there seems to be no active exploitation in sight. The patch is available for Windows 10, Windows Server 2016 and Windows Server 2019. \n\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601\n\nPS and what a fuss there was. It's not for nothing that people say this issue got hyped because the NSA found it and, instead of quietly exploiting it, for once shared information about it with the vendor. They are surely trying to restore their reputation after the screw-up with EternalBlue, which leaked a couple of years ago and has done plenty of damage since.\n\nUPD. here is another link, to the NSA \nhttps://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF", "creation_timestamp": "2020-01-14T19:15:15.000000Z"}, 
{"uuid": "7e1ca980-aed8-4249-87cd-5fca474a106a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/antichat/7662", "content": "Exploits for the recent CryptoAPI vulnerability have become publicly available\nhttps://xakep.ru/2020/01/17/cve-2020-0601-pocs/", "creation_timestamp": "2020-01-17T08:46:15.000000Z"}, 
{"uuid": "a9b94f8e-35a1-4011-ad0d-db15c86744a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/antichat/7661", "content": "An update for Google Chrome has been released with a set of various fixes (link to the description below); interestingly, this set includes a fix related to protection against NSACrypt (cve-2020-0601):\n\nhttps://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html?m=1", "creation_timestamp": "2020-01-17T05:37:04.000000Z"}, 
{"uuid": "e666ad50-0873-4db3-ba79-2da25da2facb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/1321", "content": "PoC for CVE-2020-0601\nhttps://github.com/ollypwn/cve-2020-0601\n+\nCVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601\n+\nIn Edge (see screenshot + twitter) it was successfully bypassed\nhttps://twitter.com/saleemrash1d/status/1217495681230954506\n\nPS thanks to @ldviolet for the link to the tweet", "creation_timestamp": "2020-01-16T17:14:27.000000Z"}, 
{"uuid": "e54f9eb6-305f-4fdc-87d5-e31c7f2f5290", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/N0iSeBit/364", "content": "Today MS released a patch for CVE-2020-0601 (Windows CryptoAPI Spoofing Vulnerability). Spoofing may not sound as scary as RCE, but the vulnerability is very serious, above all because an attacker can spoof, that is, simply substitute, a code-signing certificate and execute malicious code as if it were signed and legitimate. But that is not all, the attack surface here is much larger:\n\n- HTTPS connections\n- Signed files and emails\n- Signed executable code (user-mode)\n\nAll versions of MS Win with CryptoAPI and the Microsoft ECC Product Root Certificate on board, which is exactly every currently supported version of the OS. The intrigue around the disclosure of this vulnerability would not be complete without mentioning that it was reported to MS by none other than the NSA. \n\nhttps://www.nsa.gov/News-Features/News-Stories/Article-View/Article/2056772/a-very-important-patch-tuesday/\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance/adviso\n\nhttps://msrc-blog.microsoft.com/2020/01/14/january-2020-security-updates-cve-2020-0601/", "creation_timestamp": "2020-01-15T01:09:04.000000Z"}, 
{"uuid": "d7e1f8b6-7e20-42ef-b722-9b3056564757", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/ics_cert/226", "content": "\u26a0\ufe0f Warning\u2757\ufe0f \n\ud83d\udd34 Discovery of a critical vulnerability in all versions of Windows, both Windows Server and desktop (from XP to Windows 10 and even Windows Server 2016 and 2019!)\n\n\ud83d\udd37 This vulnerability was discovered in a Windows library named crypt32.dll, which is responsible for certificates and cryptography-related matters and whose important functions are authentication, protection of sensitive data in Windows browsers and so on, and it even affects TLS. \n\n\ud83d\udd36 This means that any government or organized attacker can forge an SSL certificate and read the traffic exchanged, even if the website in question uses the HTTPS protocol.\n\n\u2705 It is recommended that network administrators of sensitive organizations and all users install the patch for the CVE-2020-0601 vulnerability as soon as possible.\n\n\ud83e\udd81\u00ab\u06a9\u062a\u0627\u0633\u00bb\nhttp://t.me/ict_security", "creation_timestamp": "2020-01-15T17:07:01.000000Z"}, 
{"uuid": "59e44f2b-68bd-4b15-a197-ce943d242eca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/ics_cert/210", "content": "\u26a0\ufe0f Warning\u2757\ufe0f \n\ud83d\udd34 Discovery of a critical vulnerability in all versions of Windows, both Windows Server and desktop (from XP to Windows 10 and even Windows Server 2016 and 2019!)\n\n\ud83d\udd37 This vulnerability was discovered in a Windows library named crypt32.dll, which is responsible for certificates and cryptography-related matters and whose important functions are authentication, protection of sensitive data in Windows browsers and so on, and it even affects TLS. \n\n\ud83d\udd36 This means that any government or organized attacker can forge an SSL certificate and read the traffic exchanged, even if the website in question uses the HTTPS protocol.\n\n\u2705 It is recommended that network administrators of sensitive organizations and all users install the patch for the CVE-2020-0601 vulnerability as soon as possible.\n\n\ud83e\udd81\u00ab\u06a9\u062a\u0627\u0633\u00bb\nhttp://t.me/ict_security", "creation_timestamp": "2020-01-15T17:07:04.000000Z"}, 
{"uuid": "c970799a-e415-4da1-8bed-73ced18cd0e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/BleepingComputer/6608", "content": "Google Chrome Adds Protection for NSA's Windows CryptoAPI Flaw\n\nGoogle just released Chrome\u00a079.0.3945.130, which will now detect 
certificates that attempt to exploit the NSA discovered\u00a0CVE-2020-0601 CryptoAPI Windows vulnerability. [...]\n\nhttps://www.bleepingcomputer.com/news/security/google-chrome-adds-protection-for-nsas-windows-cryptoapi-flaw/", "creation_timestamp": "2020-01-16T22:22:27.000000Z"}, {"uuid": "cd8e97b9-c606-4ee8-9787-90d2ed388070", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/BleepingComputer/6605", "content": "PoCs for Windows CryptoAPI Bug Are Out, Show Real-Life Exploit Risks\n\nProof-of-concept exploit code is now available for the Windows CryptoAPI\u00a0spoofing vulnerability tracked as CVE-2020-0601 and reported by the National Security Agency (NSA), just two days after Microsoft released a patch. [...]\n\nhttps://www.bleepingcomputer.com/news/security/pocs-for-windows-cryptoapi-bug-are-out-show-real-life-exploit-risks/", "creation_timestamp": "2020-01-16T19:08:14.000000Z"}, {"uuid": "0d3fdd4b-ca67-4ebd-9e75-d0cf1aba1b85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/BleepingComputer/6591", "content": "NSA's First Public Vulnerability Disclosure: An Effort to Build Trust\n\nThe U.S. National Security Agency (NSA) started a new chapter after discovering and reporting to Microsoft a vulnerability tracked as CVE-2020-0601 and impacting Windows 10 and Windows Server systems. 
[...]\n\nhttps://www.bleepingcomputer.com/news/security/nsas-first-public-vulnerability-disclosure-an-effort-to-build-trust/", "creation_timestamp": "2020-01-15T15:17:47.000000Z"}, {"uuid": "6048338b-effc-417a-a121-5de5f5f8969d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/BleepingComputer/6616", "content": "How Malware Gains Trust by Abusing the Windows CryptoAPI Flaw\n\nThe new Windows CryptoAPI CVE-2020-0601 vulnerability disclosed by the NSA can be abused by malware developers to sign their executables so that they appear to be from legitimate companies. This creates trust in the program, which may cause a user to be more willing to execute them. [...]\n\nhttps://www.bleepingcomputer.com/news/security/how-malware-gains-trust-by-abusing-the-windows-cryptoapi-flaw/", "creation_timestamp": "2020-01-17T21:36:01.000000Z"}, {"uuid": "b1610400-b8ac-484d-afc6-2a1163e88d3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/alexmakus/3235", "content": "Patch Tuesday is already here, but it all turned out to be not as bad as it first seemed. The vulnerability was discovered by NSA specialists, who reported it to Microsoft. 
The vulnerability may allow attackers to imitate the digital signatures of applications, which would allow malicious applications to be run under the guise of legitimate ones. The vulnerability is rated \"important\" rather than \"critical\", and there seems to be no sign of active exploitation. The patch is available for Windows 10, Windows Server 2016 and Windows Server 2019. \n\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601\n\nPS and what a fuss there was. 
No wonder people say this problem got hyped because the NSA discovered it and, instead of quietly exploiting it, for once shared information about it with the vendor. They are surely trying to restore their reputation after the screw-up with EternalBlue, which leaked a couple of years ago and has done plenty of damage since.\n\nUPD. 
here is another link, to the NSA \nhttps://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF", "creation_timestamp": "2020-01-14T18:44:30.000000Z"}, {"uuid": "6417ec67-ba4b-4e5d-bc01-40a70fbe1070", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/cybershit/652", "content": "Yesterday the NSA reported to Microsoft a serious cryptographic vulnerability related to the Crypt32.dll library, which provides authenticity verification of ECC certificates in the Windows CryptoAPI.\n\nThe vulnerability has been named NSACrypt (CVE-2020-0601) and affects Windows 10 and Windows Server 2016/19.\n\nThe gist is that an attacker who exploits the 
vulnerability can forge the digital signature of an executable file to look legitimate, and telling that the file is malicious will be practically impossible. In addition, MITM can be performed when any compromised software is used.\n\nSecurity updates have already been released >  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601\nReport > https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF\nMore details > https://gist.github.com/SwitHak/62fa7f8df378cae3a459670e3a18742d", "creation_timestamp": "2020-01-15T08:21:34.000000Z"}, {"uuid": "6469f1cf-a82d-44af-83db-d321272660e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": 
"https://t.me/is_n3ws/36", "content": "The NSA analyzed attacks by Chinese government hackers and released a report. Top-20 exploited vulnerabilities.\n\nhttps://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF\n\nGaining Remote Access: \n-----------------------------\nCVE-2019-11510: Arbitrary file read/Pulse Secure VPN\nCVE-2019-19781: RCE/Citrix ADC\nCVE-2020-8195/3/6: Unauthenticated access\nCVE-2019-0708: RCE on RDP server\nCVE-2020-5902: RCE in F5 BIG-IP\n\nAD:\n----\nCVE-2020-1472: #ZeroLogon\nCVE-2019-1040: NTLM relay bypass\n\nMDM: \n------\nCVE-2020-15505: MobileIron device management\n\nExploiting Public Facing Services:\n---------------- \nCVE-2020-1350: RCE/ DNS Servers #SigRed\nCVE-2018-6789: RCE/ Exim mail transfer\nCVE-2018-4939: RCE/ Adobe's Cold Fusion\n\nWorkstation Local Privilege Escalation:\n-------------------------\nCVE-2020-0601: ECC spoofing #CurveBall\nCVE-2019-0803: Win32k Elevation of Privilege\n\nInternal Applications:\n--------------------\nCVE-2020-0688: RCE/MS Exchange\nCVE-2020-2555: RCE/Oracle Weblogic\nCVE-2019-11580: RCE/Atlassian Crowd\nCVE-2019-18935: RCE/ASP.Net\nCVE-2015-4852: RCE/Apache\nCVE-2019-3396: Unauthorized Access/Confluence\nCVE-2020-10189: RCE/Desktop Central", "creation_timestamp": "2020-11-06T22:00:17.000000Z"}, {"uuid": "e5c33ef0-d57c-4eaa-9e6a-f5953a7b010f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": 
"9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/cybershit/653", "content": "By the way, besides CVE-2020-0601, Microsoft's latest security update also fixed RCE in Windows Remote Desktop Gateway (CVE-2020-0609, CVE-2020-0610) and Remote Desktop Client (CVE-2020-0611), which affect, among others, Windows 7 and Server 2008 R2, support for which officially ended today.\n\nhttps://www.us-cert.gov/ncas/alerts/aa20-014a", "creation_timestamp": "2020-01-15T08:34:29.000000Z"}, {"uuid": "650a2e6b-6fe0-41f9-a6c7-6d6fe84c14dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/w2hack/326", "content": "Friends, here is a small batch of fresh news from the start of 2020! 
The holidays have only just ended, and the workload keeps growing\n\nWindows got screwed every way possible again! MS dropped Win7 from support and crapped itself with the new bug CVE-2020-0601\n\n[News] https://habr.com/ru/company/solarsecurity/news/t/484000/\n[PoC and sources] https://gist.github.com/SwitHak/62fa7f8df378cae3a459670e3a18742d\n[Xploit] https://github.com/ollypwn/cve-2020-0601\n\nAnalysis of \"high-profile\" information security incidents in 2019 - a gift for the young folks who are writing essays, term papers or articles for 
conferences\nhttp://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%90%D0%BD%D0%B0%D0%BB%D0%B8%D0%B7_%D0%B3%D1%80%D0%BE%D0%BC%D0%BA%D0%B8%D1%85_%D0%B8%D0%BD%D1%86%D0%B8%D0%B4%D0%B5%D0%BD%D1%82%D0%BE%D0%B2_%D0%B2_%D1%81%D1%84%D0%B5%D1%80%D0%B5_%D0%B8%D0%BD%D1%84%D0%BE%D1%80%D0%BC%D0%B0%D1%86%D0%B8%D0%BE%D0%BD%D0%BD%D0%BE%D0%B9_%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D0%B8_%D0%B2_2019_%D0%B3%D0%BE%D0%B4%D1%83\n\nKubernetes: why is it so important to configure system resource management? - I already wrote about this in the materials published on Xakep, the same thing once more, but from a different author \nhttps://habr.com/ru/company/nixys/blog/480072/\n\nFor those who work in banks, new comments on the regulations that will come into use in 2020\nhttps://habr.com/ru/post/483844/\n\nOutage at Rosreestr! 
Oh come on, they screwed it up again!? Oh nooo, they say free software is to blame for all of it\nhttps://www.kommersant.ru/doc/3731094?fbclid=IwAR3W4AdLwygZ00SbjZb5dj4U_Ft-UBgD5MK4Wj7QuvEjJcQTQnHxD4zjH8w", "creation_timestamp": "2020-01-16T15:00:04.000000Z"}, {"uuid": "177f68d6-d911-4ac1-81cb-b7511e154461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/ctinow/19640", "content": "Looking for silver linings in the CVE-2020-0601 crypto vulnerability\n\nhttps://ift.tt/37nVS4n", "creation_timestamp": "2020-01-23T14:44:15.000000Z"}, {"uuid": "44c35f96-e568-4a75-8143-6b88d4394463", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/ctinow/19472", "content": "Using the CVE-2020-0601 vulnerability, attackers can create code-signing certificates that spoof legitimate companies. For example, a malware can appear to be from Microsoft. http://twitter.com/BleepinComputer/status/1218271295361765378", "creation_timestamp": "2020-01-17T21:50:38.000000Z"}, {"uuid": "560d9a3f-e7ff-4e0c-aa81-893069882712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/ctinow/19427", "content": "Google has added protections for the CVE-2020-0601 CryptoAPI Windows vulnerability in Chrome 79.0.3945.130 that was released today. 
http://twitter.com/BleepinComputer/status/1217935719429214211", "creation_timestamp": "2020-01-16T23:50:35.000000Z"}, {"uuid": "c9b71650-01f5-4292-a038-28ac083975c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/ctinow/19469", "content": "Attack scenarios for the Windows CVE-2020-0601 vulnerability have mostly focused on web scenarios, but malware distributors can also abuse it to make their executables appear more trustworthy. http://twitter.com/BleepinComputer/status/1218271291930824711", "creation_timestamp": "2020-01-17T21:50:36.000000Z"}, {"uuid": "44c929b7-10f6-41e0-9b5a-6fab6e958b93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/ctinow/19345", "content": "Microsoft Patches Windows Vuln Discovered by the NSA  The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.  https://www.darkreading.com/threat-intelligence/microsoft-patches-windows-vuln-discovered-by-the-nsa-/d/d-id/1336807?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple", "creation_timestamp": "2020-01-15T01:32:16.000000Z"}, {"uuid": "166b5bc8-bde0-4490-9841-d396ccda7e4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/19339", "content": "RT @AmitaiTechie: Windows Defender Antivirus detects files w/crafted certificates exploiting the certificate validation vulnerability:\n\u200bExploit:Win32/CVE-2020-0601.A (PE files)\nExploit:Win32/CVE-2020-0601.B (Scripts)\nAlso, #Microsoft Defender ATP has a threat report on your posture. 
#CVE-2020-0601 https://t.co/dFqJV5za8F http://twitter.com/BleepinComputer/status/1217208176191463425", "creation_timestamp": "2020-01-14T23:37:05.000000Z"}, {"uuid": "07b292e8-c515-4583-b97d-578c66c8eef7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/cyberguerre/31", "content": "Patch Tuesday is already here, but it all turned out to be not as bad as it first seemed. The vulnerability was discovered by NSA specialists, who reported it to Microsoft. The vulnerability may allow attackers to imitate the digital signatures of applications, which would allow malicious applications to be run under the guise of legitimate ones. 
The vulnerability is rated \"important\" rather than \"critical\", and there seems to be no sign of active exploitation. The patch is available for Windows 10, Windows Server 2016 and Windows Server 2019. \n\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601\n\nPS and what a fuss there was. No wonder people say this problem got hyped because the NSA discovered it and, instead of quietly exploiting it, for once shared information about it with the vendor. 
They are surely trying to restore their reputation after the screw-up with EternalBlue, which leaked a couple of years ago and has done plenty of damage since.\n\nUPD. here is another link, to the NSA \nhttps://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF", "creation_timestamp": "2020-01-14T21:49:26.000000Z"}, {"uuid": "8731600f-7832-495b-af3f-fd2ed7012b2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "Telegram/0sD_EyHySREvSWLaWKL-XHqTqDduPkHhIy1vEKF4pCPQbv8", "content": "", "creation_timestamp": "2020-10-28T02:58:38.000000Z"}, {"uuid": "fc8754c5-5327-4921-af2a-59e3f4313d45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/information_security_channel/34094", "content": "Microsoft Patches Windows Vuln Discovered by the NSA\nhttps://www.darkreading.com/threat-intelligence/microsoft-patches-windows-vuln-discovered-by-the-nsa-/d/d-id/1336807?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\n\nThe National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.", "creation_timestamp": 
"2020-01-15T00:49:19.000000Z"}, {"uuid": "098822a7-be64-4f0e-9fa0-5c19e33e9867", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "exploited", "source": "https://t.me/information_security_channel/34141", "content": "PoC Exploits Released for Crypto Vulnerability Found by NSA\nhttp://feedproxy.google.com/~r/Securityweek/~3/1n2Ugx2e268/poc-exploits-released-crypto-vulnerability-found-nsa\n\nSeveral proof-of-concept (PoC) exploits have already been created \u2014 and some of them have been made public \u2014 for CVE-2020-0601, the crypto-related Windows vulnerability that Microsoft patched  (https://www.securityweek.com/nsa-discloses-serious-windows-vulnerability-microsoft)recently after being notified by the U.S. National Security Agency.\nread more (https://www.securityweek.com/poc-exploits-released-crypto-vulnerability-found-nsa)", "creation_timestamp": "2020-01-16T16:09:19.000000Z"}, {"uuid": "ecb38b78-320b-4f30-adbe-e5eb11704960", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "exploited", "source": "https://t.me/information_security_channel/34160", "content": "Proof-of-Concept Exploits Released for The Microsoft-NSA Crypto vulnerability \u2013 CVE-2020-0601\nhttps://gbhackers.com/poc-exploit-cve-2020-0601/", "creation_timestamp": "2020-01-17T03:59:35.000000Z"}, {"uuid": "cf3ab4d5-d1ad-4c21-a12c-4e4f9be7b7b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "exploited", "source": "https://t.me/information_security_channel/34162", "content": "Less than a day after Microsoft disclosed one of the most critical Windows vulnerabilities ever, security researchers have published PoC Exploit that explains how attackers can exploit 
the Windows CryptoAPI Spoofing bug with cryptographically impersonate any website or server on the Internet. Microsoft\u2019s January Patch Tuesday security bulletin disclosed the importance \u2013 severity vulnerability. It [\u2026]\nThe post Proof-of-Concept Exploits Released for The Microsoft-NSA Crypto vulnerability \u2013 CVE-2020-0601 (https://gbhackers.com/poc-exploit-cve-2020-0601/) appeared first on GBHackers On Security (https://gbhackers.com/).", "creation_timestamp": "2020-01-17T03:59:36.000000Z"}, {"uuid": "e8a0871f-0679-4fd9-895a-91cee72499bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/thehackernews/577", "content": "WARNING: Install Latest Windows 10 Updates Immediately!\n\nMicrosoft today released patches for a severe Windows CryptoAPI spoofing vulnerability (CVE-2020-0601) that was discovered by the National Security Agency (NSA).\n\nRead more: https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html", "creation_timestamp": "2020-01-14T20:00:01.000000Z"}, {"uuid": "63d2bc06-b17a-4003-ad8b-83f6071da042", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/xakep_ru/8596", "content": "Exploits for the fresh CryptoAPI vulnerability have appeared in the public domain\n\nPoC exploits have appeared online for 
a dangerous cryptographic vulnerability in CryptoAPI that was discovered by US NSA specialists.\n\nhttps://xakep.ru/2020/01/17/cve-2020-0601-pocs/", "creation_timestamp": "2020-01-17T09:35:16.000000Z"}, {"uuid": "65bae4d2-5449-4ddd-af6e-5f29618a4d1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "exploited", "source": "https://t.me/canyoupwnme/6262", "content": "PoC for CVE-2020-0601\nhttps://github.com/ollypwn/cve-2020-0601", "creation_timestamp": "2020-01-17T11:19:41.000000Z"}, {"uuid": "477e7763-f5f5-45cd-b356-dd11554d619a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/arvin_club/1500", "content": "WARNING: Install Latest Windows 10 Updates Immediately!\n\nMicrosoft today released patches for a severe Windows CryptoAPI spoofing vulnerability (CVE-2020-0601) that was discovered by the National Security Agency (NSA).\n\nRead more: https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html", "creation_timestamp": "2020-01-15T07:28:58.000000Z"}, {"uuid": "5dab0ebc-5e10-4e16-abcc-24cc0c4a11b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/VulnerabilityNews/12022", "content": "Looking for silver linings in the CVE-2020-0601 crypto vulnerability\nRead More", "creation_timestamp": "2020-01-23T14:51:06.000000Z"}, 
{"uuid": "ae12c47e-95af-4800-bdf8-345b50604029", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/628", "content": "#AppSec                                                                                                                                                    An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)\nhttps://blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-technical-analysis-of-curveball-cve-2020-0601\n// Post highlight the code-level root cause analysis of the vulnerability in the context of how applications are likely to use CryptoAPI to handle certificates in the context of applications communicating via TLS", "creation_timestamp": "2024-10-09T23:07:11.000000Z"}, {"uuid": "e337357a-28dd-4d5e-b5c1-68d1d1964667", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2358", "content": "#Analytics\nTop-10 exploited vulnerabilities in July-December 2020:\n1. CVE-2020-0601 - CurveBall CryptoAPI\nhttps://t.me/cybersecuritytechnologies/628\n2. CVE-2019-17026/CVE-2020-0674 - 0-Day Vulnerability in Mozilla Firefox\nhttps://t.me/cybersecuritytechnologies/914\n3. CVE-2020-0796 - Windows SMBv3 LPE exploit\nhttps://t.me/cybersecuritytechnologies/874\n4. CVE-2020-1472 - Microsoft Zerologon\nhttps://t.me/cybersecuritytechnologies/1742\n5. CVE-2020-5902/5903 - F5 BigIP TMUI Critical RCE\nhttps://t.me/cybersecuritytechnologies/1378\n6. CVE-2018-10561 - Dasan GPON Router Auth. Bypass\nhttps://t.me/cybersecuritytechnologies/51\n7. CVE-2020-1350 - Exploit SIGRed\nhttps://t.me/cybersecuritytechnologies/1422\n8. 
CVE-2020-15999 + CVE-2020-17087 = Win Kernel cng.sys buffer overflow 0-Day\nhttps://t.me/cybersecuritytechnologies/1960\nhttps://t.me/cybersecuritytechnologies/2010\n9. CVE-2020-16898 - \"Bad Neighbor\" RCE Vulnerability\nhttps://t.me/cybersecuritytechnologies/1912\n10. CVE-2020-1938 - \"Ghostcat\" Apache Tomcat\nhttps://t.me/cybersecuritytechnologies/705", "creation_timestamp": "2025-01-04T20:00:34.000000Z"}, {"uuid": "4e7171d9-139c-4484-b141-9f0292daa94a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/5545", "content": "#Research\n#cryptography\nExamining CVE-2020-0601 Crypt32.dll Elliptic Curve Cryptography (ECC) Certificate Validation Vulnerability", "creation_timestamp": "2022-03-05T11:12:02.000000Z"}, {"uuid": "c203d39b-4860-4a8d-9117-18782ece0ae7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/cibsecurity/9377", "content": "\u26a0 Looking for silver linings in the CVE-2020-0601 crypto vulnerability \u26a0\n\nIs there some good news hidden in the story of the CVE-2020-0601 crypto vulnerability?\n\n\ud83d\udcd6 Read\n\nvia \"Naked Security\".", "creation_timestamp": "2020-01-23T14:55:21.000000Z"}, {"uuid": "7cdf2721-ec0a-40d5-b9d0-05ae301b1e63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/cibsecurity/9190", "content": "\ud83d\udd74 Microsoft Patches Windows Vuln Discovered by the NSA \ud83d\udd74\n\nThe National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.\n\n\ud83d\udcd6 Read\n\nvia 
\"Dark Reading: \".", "creation_timestamp": "2020-01-15T01:41:09.000000Z"}, {"uuid": "9c326cac-8c7b-4c7b-9054-b62bc5db1fc6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/invoxiplaygames.uk/post/3mnjvnmexxc2i", "content": "CVE-2020-0601 is my second favourite vulnerability (my favourite being CVE-2015-5119). what a vuln", "creation_timestamp": "2026-06-05T10:12:50.556446Z"}, {"uuid": "f05f9046-06b4-4da4-9cc9-859b709721d5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mnlmbiipbo27", "content": "Top 3 CVE for last 7 days:\nCVE-2025-48595: 136 interactions\nCVE-2026-0257: 40 interactions\nCVE-2026-46243: 23 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2015-5119: 20 interactions\nCVE-2020-0601: 20 interactions\nCVE-2026-20245: 6 interactions\n", "creation_timestamp": "2026-06-06T02:30:19.773280Z"}, {"uuid": "06476bfb-72b1-4b6a-981a-d881bfc0ea80", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mnt5okxrpl2a", "content": "Top 3 CVE for last 7 days:\nCVE-2025-48595: 137 interactions\nCVE-2015-5119: 20 interactions\nCVE-2020-0601: 20 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-50751: 6 interactions\nCVE-2025-8088: 5 interactions\nCVE-2026-50131: 5 interactions\n", "creation_timestamp": "2026-06-09T02:30:30.360959Z"}, {"uuid": "5fa9d6e1-ddf1-4da8-85b0-16209a09d59d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", 
"source": "https://bsky.app/profile/pmloik.bsky.social/post/3mnvo6boqxs2a", "content": "Top 3 CVE for last 7 days:\nCVE-2015-5119: 20 interactions\nCVE-2020-0601: 20 interactions\nCVE-2026-11645: 18 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-11645: 18 interactions\nCVE-2026-45447: 16 interactions\nCVE-2026-49975: 14 interactions\n", "creation_timestamp": "2026-06-10T02:30:56.549050Z"}, {"uuid": "06c1816c-e173-4c7e-b4e1-11d3edc0e14a", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/3e293774-ea6d-41d2-9577-860fa33b6320", "content": "", "creation_timestamp": "2026-06-19T12:48:00.674315Z"}, {"uuid": "3cf8e242-64c2-4acb-a0f8-b65c6735866e", "vulnerability_lookup_origin": "caeb2787-0d58-4236-9039-7c86c3e566f3", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/1ce796ba-31ef-400c-9017-91674cd04f72", "content": "", "creation_timestamp": "2026-06-23T14:04:33.776310Z"}, {"uuid": "5ffe9e99-bbac-4707-8c46-0b13024e4f9d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://gist.github.com/secdev02/ac6bc3af4d025d816247d10d62183f4e", "content": "# WireGuard ECC &amp; Encryption Deep Audit\n**Scope:** `crypto/zinc/curve25519/`, `crypto/zinc/poly1305/`, `crypto/zinc/chacha20poly1305.c`, `noise.c`  \n**Focus:** Curve parameter injection (CurveBall class), field arithmetic, key validation, AEAD correctness  \n**Date:** 2026-06-23\n\n---\n\n## Executive Summary\n\n| # | File | Finding | Severity |\n|---|------|---------|----------|\n| ECC-1 | curve25519.c | CurveBall class \u2014 NOT applicable 
(positive finding) | N/A |\n| ECC-2 | curve25519.c | Torsion/low-order input points \u2014 caught by output check | Informational |\n| ECC-3 | noise.c | Peer public key stored without upfront validation | Low |\n| ECC-4 | chacha20poly1305.c | In-place decryption before MAC verification (RFC 8439 non-conformance) | Low/Medium |\n| ECC-5 | chacha20poly1305.c | sg_inplace MAC tag pointer: ssize_t + size_t mixing | Low |\n| ECC-6 | curve25519-hacl64.c | fdifference adds 8p: correct but undocumented | Informational |\n| ECC-7 | noise.c | static_private dead variable with memzero_explicit | Informational |\n| ECC-8 | curve25519-hacl64.c | format_fcontract_trim single-pass reduction | Informational (correct) |\n| ECC-9 | poly1305-donna64.c | Poly1305 r-clamping verified correct | Informational (correct) |\n\n**No critical bugs found.** The cryptographic primitives are formally verified implementations. The most significant finding is the in-place decrypt-before-MAC pattern (ECC-4), which is architecturally non-standard but safely contained within WireGuard's queue model. The CurveBall attack class is architecturally impossible against this codebase.\n\n---\n\n## Finding ECC-1: CurveBall (CVE-2020-0601) Class \u2014 Not Applicable\n\n**Verdict:** Immune by design.\n\nCVE-2020-0601 exploited Windows CryptoAPI accepting attacker-specified generator points for named ECDSA curves, allowing signature forgery by anyone who could substitute their own G. 
The attack requires that curve parameters \u2014 specifically the base point \u2014 be configurable or network-supplied.\n\n**WireGuard's architecture eliminates this class entirely.**\n\nThe basepoint for key generation is a compile-time constant in `curve25519.c`:\n\n```c\nbool curve25519_generate_public(u8 pub[CURVE25519_KEY_SIZE],\n                                const u8 secret[CURVE25519_KEY_SIZE])\n{\n    static const u8 basepoint[CURVE25519_KEY_SIZE] __aligned(32) = { 9 };\n    ...\n}\n```\n\nThis is the RFC 7748 section 6.1 standard `u = 9` generator for Curve25519. It cannot be changed at runtime.\n\nThe curve arithmetic itself (`curve25519-hacl64.c`, `curve25519-fiat32.c`) has all parameters embedded as numeric literals in the field operations. The prime `p = 2^255 - 19` appears as:\n\n- `0x7ffffffffffedLLU` \u2014 limb 0 of p in 51-bit representation (verified: `p & (2^51-1) = 2^51-19`)\n- `0x7ffffffffffffLLU` \u2014 limbs 1 through 4 of p (all equal to `2^51-1`)\n- The Montgomery ladder constant `scalar = 121665` \u2014 this is `(A-2)/4` where `A = 486662`, the Bernstein optimization for Curve25519 doubling\n\nNone of these are read from configuration, netlink attributes, or incoming packets. There is no surface for curve parameter injection.\n\n---\n\n## Finding ECC-2: Torsion Point Inputs (Small Subgroup Attack)\n\n**Severity:** Informational (correctly mitigated)\n\nCurve25519 has cofactor 8. Its torsion subgroup has 8 elements. 
An attacker could submit one of these low-order u-coordinates as their peer public key:\n\n```\nu = 0\nu = 1\nu = 325606250916557431795983626356110631294008115727848805560023387167927233504\nu = 39382357235489614581723060781553021112529911719440698176882885853963445705823\nu = p-1, p, ...\n```\n\nMultiplying any of these by a clamped scalar (a multiple of 8) always yields the identity point, whose u-coordinate is 0.\n\n**WireGuard's defence \u2014 the null-point return check in `curve25519.c`:**\n\n```c\nbool curve25519(u8 mypublic[CURVE25519_KEY_SIZE],\n                const u8 secret[CURVE25519_KEY_SIZE],\n                const u8 basepoint[CURVE25519_KEY_SIZE])\n{\n    if (!curve25519_arch(mypublic, secret, basepoint))\n        curve25519_generic(mypublic, secret, basepoint);\n    return crypto_memneq(mypublic, null_point, CURVE25519_KEY_SIZE);\n}\n```\n\n`curve25519()` returns false if the output is all-zero. `mix_dh()` in `noise.c` propagates this correctly:\n\n```c\nstatic bool __must_check mix_dh(...)\n{\n    if (unlikely(!curve25519(dh_calculation, private, public)))\n        return false;  // handshake aborted\n    ...\n}\n```\n\nThe check is on the output, not the input. This is correct per RFC 7748, which explicitly states that checking the output for the all-zero string is the correct mitigation. Checking the input would require expensive point validation that provides no additional security for X25519.\n\n**Clamping provides structural defence:** `curve25519_clamp_secret` clears the 3 low bits of the scalar (ensuring a multiple of 8). Since any torsion-group point has order dividing 8, `clamp(s) * torsion_point = 8k * torsion_point = identity`. 
The null-point check catches the result.\n\n---\n\n## Finding ECC-3: Peer Public Key Stored Without Immediate Validation\n\n**Severity:** Low\n\nIn `noise.c`, `wg_noise_handshake_init()`:\n\n```c\nvoid wg_noise_handshake_init(..., const u8 peer_public_key[NOISE_PUBLIC_KEY_LEN], ...)\n{\n    memset(handshake, 0, sizeof(*handshake));\n    memcpy(handshake->remote_static, peer_public_key, NOISE_PUBLIC_KEY_LEN);\n    ...\n    wg_noise_precompute_static_static(peer);  // validation is deferred here\n}\n```\n\nThe key is stored first, then validated indirectly by `wg_noise_precompute_static_static`:\n\n```c\nvoid wg_noise_precompute_static_static(struct wg_peer *peer)\n{\n    if (!peer->handshake.static_identity->has_identity ||\n        !curve25519(peer->handshake.precomputed_static_static,\n                    peer->handshake.static_identity->static_private,\n                    peer->handshake.remote_static))\n        memset(peer->handshake.precomputed_static_static, 0, NOISE_PUBLIC_KEY_LEN);\n}\n```\n\nIf the public key is a torsion point (DH output = 0), `curve25519()` returns false and `precomputed_static_static` is zeroed. Then during the handshake, `mix_precomputed_dh()` rejects it:\n\n```c\nstatic bool __must_check mix_precomputed_dh(...)\n{\n    static u8 zero_point[NOISE_PUBLIC_KEY_LEN];\n    if (unlikely(!crypto_memneq(precomputed, zero_point, NOISE_PUBLIC_KEY_LEN)))\n        return false;\n    ...\n}\n```\n\n**The chain is correct but indirect.** The raw bytes of any 32-byte value can be stored in `remote_static` \u2014 including keys that produce a zero DH output only with specific private keys. Rejection is deferred to `precompute_static_static` (peer creation) and `mix_precomputed_dh` (handshake time).\n\n**Timing concern:** `wg_noise_precompute_static_static` is also called after local key rotation. 
During the window between storing the new peer key and the precompute completing, `remote_static` holds the new (unvalidated) key while `precomputed_static_static` may still hold a stale value from the previous computation.\n\n**Recommended pattern:** Validate the DH output at the netlink layer before accepting a new peer key, and return an error to userspace if it produces zero.\n\n---\n\n## Finding ECC-4: In-Place Decryption Before MAC Verification\n\n**Severity:** Low/Medium \u2014 RFC 8439 non-conformant; contained by WireGuard's queue model\n\nRFC 8439 section 2.8 states: receivers MUST verify the Poly1305 tag before acting on any decrypted data. The rationale is that an attacker who can submit chosen ciphertexts and observe partial decryption results can, in some contexts, extract key material.\n\n**WireGuard's `chacha20poly1305_decrypt_sg_inplace()` does the opposite:**\n\n```c\nsg_miter_start(&miter, src, sg_nents(src), SG_MITER_TO_SG | SG_MITER_ATOMIC);\nfor (sl = src_len; sl > 0 && sg_miter_next(&miter); sl -= miter.length) {\n    u8 *addr = miter.addr;\n    size_t length = min_t(size_t, sl, miter.length);\n\n    poly1305_update(&poly1305_state, addr, length, ...);   // 1. MAC over ciphertext\n\n    // 2. Decrypt IN PLACE \u2014 overwrites buffer before MAC is checked\n    chacha20(&chacha20_state, addr, addr, l, simd_context);\n    ...\n}\n// 3. MAC only checked AFTER all decryption has already occurred\npoly1305_final(&poly1305_state, b.computed_mac, simd_context);\nret = !crypto_memneq(b.computed_mac, ...);\n```\n\nPlaintext is written to the skb's backing memory on every loop iteration, before `poly1305_final` confirms the tag is valid.\n\n**Why WireGuard's model contains this:**\n\nThe skb follows this path after decryption:\n\n1. `decrypt_packet()` decrypts in place, returns true/false\n2. `wg_packet_decrypt_worker()` sets `PACKET_STATE_CRYPTED` (success) or `PACKET_STATE_DEAD` (failure) via `atomic_set_release()`\n3. 
`wg_packet_rx_poll()` reads the state with `atomic_read_acquire()` \u2014 a full acquire barrier\n4. Only `PACKET_STATE_CRYPTED` packets reach `wg_packet_consume_data_done()` and the networking stack\n\nThe acquire/release pair provides happens-before ordering: any thread observing `PACKET_STATE_CRYPTED` is guaranteed to see the completed, authenticated decryption. No unauthenticated plaintext escapes to userspace.\n\n**Residual risk:** The plaintext bytes live in `skb->data` before authentication completes. If a kernel panic, debugging facility (e.g., `kcore`, KGDB), or future code path reads `skb->data` in that window, it would observe unauthenticated plaintext. Not a current exploit path, but a robustness concern.\n\n**Why the design is this way:** The encrypt variant must write ciphertext in a single pass for performance. The decrypt variant mirrors the structure. A separate scratch buffer would eliminate the issue but requires an extra allocation per packet \u2014 unacceptable for kernel networking at line rate.\n\n---\n\n## Finding ECC-5: sg_inplace MAC Tag Pointer \u2014 ssize_t + size_t Mixing\n\n**Severity:** Low (no underflow in practice; type mixing is unsafe-looking)\n\nIn the fast path of `chacha20poly1305_decrypt_sg_inplace()`:\n\n```c\n// sl is ssize_t (signed), miter.length is size_t (unsigned)\nif (likely(sl <= -POLY1305_MAC_SIZE)) {\n    poly1305_final(&poly1305_state, b.computed_mac, simd_context);\n    ret = !crypto_memneq(b.computed_mac,\n                         miter.addr + miter.length + sl,   // mixed arithmetic\n                         POLY1305_MAC_SIZE);\n}\n```\n\nWhen `sl` is negative and `miter.length + sl` is evaluated with implicit unsigned conversion, if `|sl| > miter.length` the result wraps to a huge positive number. 
That would send the pointer far outside the buffer.\n\n**Why it does not wrap in practice:** The condition `sl <= -POLY1305_MAC_SIZE` means the loop consumed all ciphertext AND the current segment extended at least 16 bytes past the ciphertext end into the auth tag. Therefore `miter.length >= |sl| >= 16`, so `miter.length + sl >= 0`. No underflow.\n\n**The guarantee is implicit** in the loop invariant, not in the type system.\n\n**Safer form:**\n\n```c\nu8 *tag_ptr = miter.addr + miter.length - (size_t)(-(sl));\nret = !crypto_memneq(b.computed_mac, tag_ptr, POLY1305_MAC_SIZE);\n```\n\n---\n\n## Finding ECC-6: fdifference Adds 8p, Not 2p (Undocumented)\n\n**Severity:** Informational (correct, but undocumented)\n\nIn `curve25519-hacl64.c`, `fdifference()` computes `b - a` by first adding a large multiple of the prime to `b`:\n\n```c\ntmp[0] = b0 + 0x3fffffffffff68LLU;\ntmp[1] = b1 + 0x3ffffffffffff8LLU;\n...\na[i] = tmp[i] - a[i];  // = (b + correction) - a\n```\n\nThe correction constant is exactly **8p** (verified: `8 * (2^255 - 19)` reconstructed from the 51-bit limbs matches). The reason for 8p rather than the intuitively expected 2p is that intermediate 51-bit limbs in the HACL* representation can carry slightly beyond their nominal bounds after `fsum` and `fmul`, requiring a larger correction to guarantee non-negative results.\n\nNo bug here, but the comment is absent. An auditor who attempts to verify this by computing 2p or 4p will fail to match, waste significant time, or incorrectly flag it. **A comment is needed:**\n\n```c\n/* Add 8p before subtracting a to ensure a non-negative result.\n * 8p in 51-bit limb form: [0x3fffffffffff68, 0x3ffffffffffff8, ...] */\n```\n\n---\n\n## Finding ECC-7: Dead Variable `static_private` in consume_response\n\n**Severity:** Informational (misleading to auditors)\n\nIn `wg_noise_handshake_consume_response()`:\n\n```c\nu8 static_private[NOISE_PUBLIC_KEY_LEN];   // declared, never written\n// ... 
(never assigned) ...\nmemzero_explicit(static_private, NOISE_PUBLIC_KEY_LEN);   // zeroes garbage stack bytes\n```\n\n`static_private` is never populated. The `memzero_explicit` zeroes uninitialized stack memory. This is a refactor artifact \u2014 an earlier version of the responder path used a local copy of the static private key for a `se` DH step that was later replaced by the precomputed value path.\n\nSecurity impact: zero. Auditor impact: a reviewer seeing `memzero_explicit` will assume the variable held a live private key and look for where it was populated. That time is wasted. The variable and its cleanup call should be removed.\n\n---\n\n## Finding ECC-8: format_fcontract_trim Single-Pass Reduction (Verified Correct)\n\n**Severity:** Informational\n\n`format_fcontract_trim` performs a single conditional subtraction of `p` to canonicalize the output:\n\n```c\nu64 mask0 = u64_gte_mask(a0, 0x7ffffffffffedLLU);   // a[0] >= p[0]?\nu64 mask1 = u64_eq_mask(a1, 0x7ffffffffffffLLU);    // a[1] == p[1]?\n...\nu64 mask = mask0 & mask1 & mask2 & mask3 & mask4;   // value >= p?\n// subtract p once, conditionally\n```\n\nOne reduction is sufficient: the two carry passes (`format_fcontract_first_carry_full` and `format_fcontract_second_carry_full`) fold the top bit back via `modulo_carry_top` (multiply by 19), leaving the value in `[0, 2^255)`. Since `p = 2^255 - 19`, this range is `[0, p + 18]`. One subtraction of `p` reduces to `[0, p-1]`. Correct.\n\nThe constant-time comparisons `u64_gte_mask` and `u64_eq_mask` were both verified. `u64_gte_mask(a, b)` uses the standard carry-bit extraction trick: `(a ^ q) >> 63 - 1` where `q` encodes whether borrow occurred. No branches. 
Correct.\n\n---\n\n## Finding ECC-9: Poly1305 r-Clamping Verified Correct\n\n**Severity:** Informational\n\n`poly1305-donna64.c` clamps the Poly1305 accumulation key `r` at initialization per RFC 8439 section 2.5:\n\n```c\nst->r[0] = t0 & 0xffc0fffffffULL;\nst->r[1] = ((t0 >> 44) | (t1 << 20)) & 0xfffffc0ffffULL;\nst->r[2] = ((t1 >> 24)) & 0x00ffffffc0fULL;\n```\n\nThe key is represented as three 44-bit limbs. The masks clear the bits that RFC 8439 requires to be zero. Verified against the RFC table. Correct.\n\n---\n\n## Constant-Time Analysis\n\n| Operation | Mechanism | Status |\n|-----------|-----------|--------|\n| Montgomery ladder bit swap | XOR: `x = swap & (ai ^ bi)` | Constant-time |\n| Field element comparison (`u64_eq_mask`, `u64_gte_mask`) | Arithmetic, no branches | Constant-time |\n| Poly1305 tag comparison | `crypto_memneq` (kernel) | Constant-time |\n| Field multiplication (hacl64) | `__uint128_t` wide multiplies, no data-dependent branches | Constant-time |\n| Canonical reduction (format_fcontract_trim) | Masked conditional subtract | Constant-time |\n| Scalar clamping | Bitwise AND/OR | Constant-time |\n| Ladder iteration count | Fixed 256 iterations (32 bytes x 8 bits, 4 steps/bit) | Constant-time |\n\n**Not audited here:** `curve25519-x86_64.c` and `curve25519-arm.S` \u2014 these require separate assembly-level review for data-dependent branches or cache-timing patterns.\n\n---\n\n## Key Call Chain\n\n```\nnetlink: set_peer()\n  \u2514\u2500 wg_peer_create() \u2192 wg_noise_handshake_init()\n       \u2514\u2500 wg_noise_precompute_static_static()\n            \u2514\u2500 curve25519(ss, local_priv, remote_pub)    [validates output only]\n\nnoise: consume_initiation()\n  \u251c\u2500 message_ephemeral(e, src->unencrypted_ephemeral)    [no explicit point check on e]\n  \u251c\u2500 mix_dh(ck, key, local_priv, e)                     [curve25519(); zero output check]\n  \u251c\u2500 message_decrypt(s, 
src->encrypted_static)           [AEAD authenticated]\n  \u251c\u2500 mix_precomputed_dh(ck, key, precomputed_ss)         [zero-check on precomputed]\n  \u2514\u2500 message_decrypt(t, src->encrypted_timestamp)        [AEAD authenticated]\n\nreceive: wg_packet_decrypt_worker()\n  \u2514\u2500 decrypt_packet()\n       \u2514\u2500 chacha20poly1305_decrypt_sg_inplace()          [decrypt THEN verify \u2014 ECC-4]\n```\n\n---\n\n## Suggested Next Audit Areas\n\n- `curve25519-x86_64.c` / `curve25519-arm.S` \u2014 assembly paths for timing side-channels and branch-on-secret-bit patterns\n- `blake2s.c` \u2014 HKDF parameter size arithmetic in `kdf()`, particularly the `first_len/second_len/third_len` bounds checked by `WARN_ON`\n- `cookie.c` \u2014 `xchacha20poly1305_encrypt` nonce derivation; confirm the XChaCha HChaCha20 subkey extraction is correct and the 192-bit nonce provides adequate birthday-bound security\n- `peerlookup.c` \u2014 `wg_pubkey_hashtable_lookup()` timing: lookup time proportional to peer count could leak peer existence via timing oracle", "creation_timestamp": "2026-06-23T20:43:49.000000Z"}]}