Proof-of-concept exploits for Microsoft Crypto bug released

Proof-of-concept exploits for Microsoft Crypto bug released – MSPoweruser

Two proof-of-concept exploits for the “broad cryptographic vulnerability” discovered by the US National Security Agency (NSA), have just been publicly released. Microsoft confirmed CVE-2020-0601 involves Windows CryptoAPI and says “a spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates” which can be used to “to sign a malicious executable, making …