Hello,
Microsoft just released a patch to address CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability. The description states "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates."
My question is, does ENS 10.6.1 offer any protection for these types of vulnerabilities and specifically for the vulnerability associated with this CVE article?
Thank you.
Please subscribe to https://kc.mcafee.com/corporate/index?page=content&id=KB92322 for all official communication.
McAfee is aware of the recent Windows CryptoAPI Spoofing vulnerability (CVE-2020-0601). We have technology in development to detect the vulnerability and are currently conducting rigorous quality assurance and efficacy testing.
We strongly advise rapid deployment of the Microsoft patches released on January 14. McAfee products are compatible with all updates released in the January Patch Tuesday update.
Thank you... will do.
Have you got timescales for 10.6/10.7 offering protection from CVE-2020-0601? (Defender already does.) Whilst the advice of ensuring the updates are applied is good practice, no updating process is 100%. We are an extremely large organisation and we are happy if we can get 90% coverage. Defence in depth is essential to us, as if the updates don't get through then the last line of defence we have is ENS ATP.
Hi @cybercop
We have created a generic detection (CVE-2020-0601!). It is already merged in the DAT source and will be fully released in 3 days if we do not find any false positive incidents.
This ED can be deployed to both VSE and ENS.
We strongly recommend testing this ED on a smaller group of machines before deploying to the entire organization.
If you have any false positives, please reach out to our Support team.
The article will be updated shortly.
Hi @Glenn_Bolton,
I am not involved in this thread, but representing McAfee, I am certainly very happy to hear such words. This is great feedback that should be passed along to the team who work on these and I will ensure it is heard! Thanks!
Also, the latest update is that, as per the link below, Microsoft has thankfully addressed this vulnerability with a patch from their end!
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
Cheers!