cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Glenn_Bolton
Level 12
Report Inappropriate Content
Message 1 of 7
‎01-14-2020 07:34 PM

CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

Jump to solution

Hello,

Microsoft just released a patch to address CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability. The description states "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates."

My question is, does ENS 10.6.1 offer any protection for these types of vulnerabilities and specifically for the vulnerability associated with this CVE article?

Thank you.

 

0 Kudos
Reply
2 Solutions

Accepted Solutions
patrakshar
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7
‎01-14-2020 07:40 PM

Re: CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

Jump to solution

Hi @Glenn_Bolton 

Please subscribe to https://kc.mcafee.com/corporate/index?page=content&id=KB92322 for all official communication.

 

McAfee is aware of the recent Windows CryptoAPI Spoofing vulnerability (CVE-2020-0601). We have technology in development to detect the vulnerability and are currently conducting rigorous quality assurance and efficacy testing.  

We strongly advise rapid deployment of the Microsoft patches released on January 14. McAfee products are compatible with all updates released in the January Patch Tuesday update.

 

View solution in original post

Reply
patrakshar
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 7
‎01-16-2020 12:22 AM

Re: CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

Jump to solution

Hi @cybercop 

We have created a generic detection (CVE-2020-0601!) . It is already merged in DAT source and will be fully released in 3 days if we do not find any false positive incident.

This ED can be deployed to both VSE and ENS. 
We strongly recommend to test this ED in smaller group of machines before deploying to entire organization. 


If there is any False positive you have, please reach out to our Support team.

How to apply the Extra DAT:
1. Extract the Extra.ZIP file. 
2. Follow the article https://docs.mcafee.com/bundle/endpoint-security-10.5.0-threat-prevention-product-guide-epolicy-orch... to deploy it from EPO.
 

The article will be updated shortly.

View solution in original post

EXTRA.zip
Reply
6 Replies
patrakshar
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 7
‎01-14-2020 07:40 PM

Re: CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

Jump to solution

Hi @Glenn_Bolton 

Please subscribe to https://kc.mcafee.com/corporate/index?page=content&id=KB92322 for all official communication.

 

McAfee is aware of the recent Windows CryptoAPI Spoofing vulnerability (CVE-2020-0601). We have technology in development to detect the vulnerability and are currently conducting rigorous quality assurance and efficacy testing.  

We strongly advise rapid deployment of the Microsoft patches released on January 14. McAfee products are compatible with all updates released in the January Patch Tuesday update.

 

Reply
Glenn_Bolton
Level 12
Report Inappropriate Content
Message 3 of 7
‎01-14-2020 08:03 PM

Re: CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

Jump to solution

Thank you..will do.

Reply
cybercop
Level 10
Report Inappropriate Content
Message 4 of 7
‎01-16-2020 12:10 AM

Re: CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

Jump to solution

Have you got timescales for 10.6/10.7 offering protection from CVE-2020-0601 (Defender already does..) Whilst the advice of ensuring the updates are applied is good practise, no updating process is 100%. We are an extremely large organisation and we are happy if we can get 90% coverage. Defence in depth is essential to us as if the updates don't get through then the last line of Defence we have is ENS ATP....

0 Kudos
Reply
patrakshar
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 7
‎01-16-2020 12:22 AM

Re: CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

Jump to solution

Hi @cybercop 

We have created a generic detection (CVE-2020-0601!) . It is already merged in DAT source and will be fully released in 3 days if we do not find any false positive incident.

This ED can be deployed to both VSE and ENS. 
We strongly recommend to test this ED in smaller group of machines before deploying to entire organization. 


If there is any False positive you have, please reach out to our Support team.

How to apply the Extra DAT:
1. Extract the Extra.ZIP file. 
2. Follow the article https://docs.mcafee.com/bundle/endpoint-security-10.5.0-threat-prevention-product-guide-epolicy-orch... to deploy it from EPO.
 

The article will be updated shortly.

EXTRA.zip
Reply
Glenn_Bolton
Level 12
Report Inappropriate Content
Message 6 of 7
‎01-22-2020 08:27 AM

Re: CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

Jump to solution
McAfee is doing a great job of responding to these types of issues very quickly. Nicely done. I would like to post a separate notice re: the current Zero Day issue. I believe that Microsoft has not released a patch and may not until February..It's nice to know that Microsoft takes security seriously. Thank you McAfee Team.
Reply
AdithyanT
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 7
‎01-31-2020 11:35 AM

Re: CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

Jump to solution

Hi @Glenn_Bolton,

I am not involved in this thread, but I am certainly very happy representing McAfee on listening to such words. This is great feedback that should be passed along to the team who work on these and I will ensure it is heard! Thanks!

Also, the latest update is that as per the below Link, Microsoft has thankfully addressed this Vulnerability with a patch fro their end!

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

Cheers!

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community


Corporate Headquarters
6220 America Center Drive
San Jose, CA 95002 USA

Consumer Support   |   Enterprise Support   |   McAfee.com for Enterprise

Legal   |   Privacy   |   Copyright © 2021 Musarubra US LLC