{"vulnerability": "CVE-2020-0601", "sightings": [{"uuid": "f1b8a673-e40d-464a-be28-bcb2bbcecc82", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "MISP/42d04e94-bf5b-427d-acc8-f5d740675941", "content": "", "creation_timestamp": "2020-10-20T15:57:21.000000Z"}, {"uuid": "6a278f42-54d0-40db-b08b-db112e6e20bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "MISP/5f850411-c103-491f-abff-9421425403cf", "content": "", "creation_timestamp": "2020-10-21T08:19:09.000000Z"}, {"uuid": "61554a4e-cfb2-46e1-9969-aed4ff0b43d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2021-11-20T09:53:52.000000Z"}, {"uuid": "6999c636-4a95-4205-88ba-c367944afbe0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422", "content": "", "creation_timestamp": "2021-11-08T08:58:19.000000Z"}, {"uuid": "03639e06-195e-48c8-b184-ba0935deac0b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "MISP/d925a2ee-e7cf-46f6-bec1-ad8e19122730", "content": "", "creation_timestamp": "2020-10-20T15:58:04.000000Z"}, {"uuid": "4153ab19-ed90-4a47-9d68-58730f35212d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://msrc.microsoft.com/blog/2020/01/january-2020-security-updates-cve-2020-0601/", "content": "", "creation_timestamp": "2020-01-14T07:00:00.000000Z"}, {"uuid": "add618a9-5bc2-4625-9963-b8c5b2831177", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://feedsin.space/feed/CISAKevBot/items/2970980", "content": "", "creation_timestamp": "2024-12-24T20:22:36.463094Z"}, {"uuid": "2299ad8d-70ad-49d2-993b-ffbceb0934a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://gist.github.com/tradebot-elastic/0443cfb5016bed103f1940b2f336e45a", "content": "", "creation_timestamp": "2025-01-09T15:31:50.000000Z"}, {"uuid": "f8ad2674-bed8-41d3-a7f9-81c509f3f670", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/tuxpanik.bsky.social/post/3lgvfhoorgw2o", "content": "", "creation_timestamp": "2025-01-29T16:32:34.478818Z"}, {"uuid": "28f4d145-0671-4256-a16f-765f734f3c0d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123", "content": "", "creation_timestamp": "2025-02-23T02:09:44.000000Z"}, {"uuid": "ce6c377b-5633-443d-90ec-2046e9ccd50d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://gist.github.com/secdev02/835ba9d8b6c7a2dcb61bf84f9d1cb549", "content": "", "creation_timestamp": "2025-11-20T00:05:35.000000Z"}, {"uuid": "6f27b14b-a19f-4223-bb4a-a73465a843be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "MISP/ab0b745f-bbd5-338e-8b92-97dd0c757e9d", "content": "", "creation_timestamp": "2025-08-31T03:01:00.000000Z"}, {"uuid": "17885f27-7d2b-401f-a188-d9f9ea694506", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3m7tmwrxxad2c", "content": "", "creation_timestamp": "2025-12-13T03:10:48.995576Z"}, {"uuid": "4172af2c-eded-4eb1-9175-ba3aa298aed3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://gist.github.com/Metis-Intel/b94dbfe682c0d50d18e127d4891208cb", "content": "", "creation_timestamp": "2025-12-16T03:39:35.000000Z"}, {"uuid": "a4576de5-b05e-4743-ba8f-be00af49837f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://www.govcert.gov.hk/en/alerts_detail.php?id=445", "content": "", "creation_timestamp": "2020-01-15T04:00:00.000000Z"}, {"uuid": "54e66819-7677-4d82-b8f3-d27fa6bded4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "af0120d0-3dac-4a6a-974b-a9f33d2a9846", "vulnerability": "CVE-2020-0601", "type": "exploited", "source": "https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/00f1230b-e4ab-4a57-82b6-37ca92fc5626", "content": "", "creation_timestamp": "2026-02-02T12:28:56.989526Z"}, {"uuid": "cafce56c-39a4-4ff9-baea-697ea18f435c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/filippo.abyssdomain.expert/post/3mjklsutb6s2j", "content": "", "creation_timestamp": "2026-04-15T19:08:43.663506Z"}, {"uuid": "69ecacf6-8dc4-460e-b073-3811df8670a3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjleh5vimz25", "content": "", "creation_timestamp": "2026-04-16T02:29:33.060174Z"}, {"uuid": "f91cc92f-f78d-4775-977d-b0ca04c55c21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjnuvsllad2g", "content": "", "creation_timestamp": "2026-04-17T02:29:23.969488Z"}, {"uuid": "afb0da25-185e-48f9-9eaa-7ec5477c2df5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjqfe77gah2r", "content": "", "creation_timestamp": "2026-04-18T02:29:07.190601Z"}, {"uuid": "1076dc5e-630c-49ea-b446-bbd585ce5419", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjsvtyenpn2x", "content": "", "creation_timestamp": "2026-04-19T02:29:35.201608Z"}, {"uuid": "e1f6d0d2-554d-4fc1-bdf9-ed61a279b9e4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjvgdclzwg2x", "content": "", "creation_timestamp": "2026-04-20T02:29:48.704964Z"}, {"uuid": "3e2cbfcb-33f4-40ab-aca4-444ae7b0b77b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mjxwrhgkau2x", "content": "", "creation_timestamp": "2026-04-21T02:29:22.655340Z"}, {"uuid": "313c9b9e-8bb1-4b58-9ceb-b67169b262ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mk2ha7xm7v2g", "content": "", "creation_timestamp": "2026-04-22T02:29:17.644232Z"}, {"uuid": "3a56227e-a841-4e6f-a167-12fb3338ff08", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/antichat/7637", "content": "Crypt32.dll \u0431\u0435\u0437 \u043f\u0430\u0442\u0447\u0430 \u043c\u043e\u0436\u0435\u0442 \u043d\u0435\u0441\u0442\u0438 \u0437\u043b\u043e, \u043e\u0431\u0445\u043e\u0434 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e \u043c\u0435\u0442\u043e\u0434\u0430 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0438 ECC \u043c\u043e\u0436\u0435\u0442 \u043f\u0440\u0438\u0432\u0435\u0441\u0442\u0438 \u043a \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0441\u0442\u0430\u043d\u0430\u0432\u043b\u0438\u0432\u0430\u0442\u044c \u041f\u041e \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u043e\u0435 \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u043c \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u043c \u0438 \u0442\u043f.\n\n\u041e\u0431 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u043e \u0410\u041d\u0411 (\u0441\u043c \u0432\u043b\u043e\u0436\u0435\u043d\u0438\u0435), \u0432 \u0441\u0432\u044f\u0437\u0438 \u0441 \u0447\u0435\u043c \u0435\u0435 (\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c) \u043d\u0430\u0437\u0432\u0430\u043b\u0438 NSACrypt :)\n\n\u0414\u0435\u0442\u0430\u043b\u0438 \u043e\u0442 \u0432\u0435\u043d\u0434\u043e\u0440\u0430:\n\nhttps://msrc-blog.microsoft.com/2020/01/14/january-2020-security-updates-cve-2020-0601/\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0601", "creation_timestamp": "2020-01-15T06:57:47.000000Z"}, {"uuid": "3e10493a-115c-4cd1-a7e7-e9558cf9541a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/antichat/7636", "content": "Patch Tuesday \u0443\u0436\u0435 \u0437\u0434\u0435\u0441\u044c, \u043d\u043e \u0432\u0441\u0435 \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u043d\u0435 \u0442\u0430\u043a \u043f\u043b\u043e\u0445\u043e, \u043a\u0430\u043a \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c\u0438 NSA, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e \u043d\u0435\u0439 \u0432 Microsoft. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0438\u043c\u0438\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0446\u0438\u0444\u0440\u043e\u0432\u044b\u0435 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u043e \u0431\u044b \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043f\u043e\u0434 \u0432\u0438\u0434\u043e\u043c \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u0445. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u043c\u0435\u0447\u0435\u043d\u0430 \u043a\u0430\u043a \"\u0432\u0430\u0436\u043d\u0430\u044f\", \u0430 \u043d\u0435 \"\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f\", \u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432\u0440\u043e\u0434\u0435 \u043a\u0430\u043a \u043d\u0435 \u0432\u0438\u0434\u043d\u043e. \u041f\u0430\u0442\u0447 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0434\u043b\u044f Windows 10, Windows Server 2016 \u0438 Windows Server 2019. \n\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601\n\nPS \u0430 \u0448\u0443\u043c\u0443 \u0442\u043e \u0431\u044b\u043b\u043e. \u041d\u0435 \u0437\u0440\u044f \u0433\u043e\u0432\u043e\u0440\u044f\u0442, \u0447\u0442\u043e \u0440\u0430\u0441\u0445\u0430\u0439\u043f\u0438\u043b\u0438 \u044d\u0442\u0443 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0438\u0437-\u0437\u0430 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0435\u0451 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 NSA \u0438 \u0432\u043c\u0435\u0441\u0442\u043e \u0442\u043e\u0433\u043e, \u0447\u0442\u043e\u0431\u044b \u0432\u0442\u0438\u0445\u0430\u0440\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c, \u0432 \u043a\u043e\u0438-\u0442\u043e \u0432\u0435\u043a\u0438 \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0430\u0441\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439 \u043e \u043d\u0435\u0439 \u0441 \u0432\u0435\u043d\u0434\u043e\u0440\u043e\u043c. \u041d\u0430\u0432\u0435\u0440\u043d\u044f\u043a\u0430 \u043f\u044b\u0442\u0430\u044e\u0442\u0441\u044f \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u044e \u0440\u0435\u043f\u0443\u0442\u0430\u0446\u0438\u044e \u043f\u043e\u0441\u043b\u0435 \u043e\u0431\u043e\u0441\u0440\u0430\u0442\u0443\u0448\u0435\u043a \u0441 EternalBlue, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0443\u0442\u0435\u043a\u043b\u0430 \u043f\u0430\u0440\u0443 \u043b\u0435\u0442 \u043d\u0430\u0437\u0430\u0434 \u0438 \u0441 \u0442\u0435\u0445 \u043f\u043e\u0440 \u043d\u0430\u0434\u0435\u043b\u0430\u043b\u0430 \u0432\u0440\u0435\u0434\u0430.\n\n\u041e\u0411\u041d. \u0432\u043e\u0442 \u0435\u0449\u0435 \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 NSA \nhttps://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF", "creation_timestamp": "2020-01-14T19:15:15.000000Z"}, {"uuid": "7e1ca980-aed8-4249-87cd-5fca474a106a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/antichat/7662", "content": "\u0412 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435 \u043f\u043e\u044f\u0432\u0438\u043b\u0438\u0441\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u0434\u043b\u044f \u0441\u0432\u0435\u0436\u0435\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 CryptoAPI\nhttps://xakep.ru/2020/01/17/cve-2020-0601-pocs/", "creation_timestamp": "2020-01-17T08:46:15.000000Z"}, {"uuid": "a9b94f8e-35a1-4011-ad0d-db15c86744a5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/antichat/7661", "content": "\u0412\u044b\u0448\u043b\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u0434\u043b\u044f Google Chrome, \u0441 \u043d\u0430\u0431\u043e\u0440\u043e\u043c \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0444\u0438\u043a\u0441\u043e\u0432 (\u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043d\u0438\u0436\u0435), \u0438\u043d\u0442\u0435\u0440\u0435\u0441\u043d\u043e \u0442\u043e, \u0447\u0442\u043e \u0432 \u044d\u0442\u043e\u0442 \u043d\u0430\u0431\u043e\u0440 \u0434\u043e\u0431\u0430\u0432\u043b\u0435\u043d \u0444\u0438\u043a\u0441 \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u044b\u0439 \u0441 \u0437\u0430\u0449\u0438\u0442\u043e\u0439 \u043e\u0442 NSACrypt (cve-2020-0601):\n\nhttps://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html?m=1", "creation_timestamp": "2020-01-17T05:37:04.000000Z"}, {"uuid": "e666ad50-0873-4db3-ba79-2da25da2facb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/tech_b0lt_Genona/1321", "content": "PoC for CVE-2020-0601\nhttps://github.com/ollypwn/cve-2020-0601\n+\nCVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601\n+\n\u0412 Edge (\u0441\u043c. \u0441\u043a\u0440\u0438\u043d + twitter)  \u0443\u0434\u0430\u043b\u043e\u0441\u044c \u043e\u0431\u043e\u0439\u0442\u0438\nhttps://twitter.com/saleemrash1d/status/1217495681230954506\n\n\u0417\u042b \u0437\u0430 \u0441\u0441\u044b\u043b\u043a\u0443 \u043d\u0430 \u0442\u0432\u0438\u0442 \u0441\u043f\u0430\u0441\u0438\u0431\u043e @ldviolet", "creation_timestamp": "2020-01-16T17:14:27.000000Z"}, {"uuid": "e54f9eb6-305f-4fdc-87d5-e31c7f2f5290", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/N0iSeBit/364", "content": "\u0421\u0435\u0433\u043e\u0434\u043d\u044f MS \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u0430 \u043f\u0430\u0442\u0447 \u0434\u043b\u044f CVE-2020-0601 (Windows CryptoAPI Spoofing Vulnerability). \u0418 \u0432\u0440\u043e\u0434\u0435 \u0431\u044b \u0441\u043f\u0443\u0444\u0438\u043d\u0433 \u043d\u0435 \u0437\u0432\u0443\u0447\u0438\u0442 \u0442\u0430\u043a \u0441\u0442\u0440\u0430\u0448\u043d\u043e, \u043a\u0430\u043a RCE, \u043d\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0447\u0435\u043d\u044c \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f  \u0432 \u043f\u0435\u0440\u0432\u0443\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c \u0442\u0435\u043c, \u0447\u0442\u043e \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043c\u043e\u0436\u0435\u0442 \u0437\u0430\u0441\u043f\u0443\u0444\u0438\u0442\u044c, \u0442\u043e \u0435\u0441\u0442\u044c \u043f\u043e\u043f\u0440\u043e\u0441\u0442\u0443 \u043f\u043e\u0434\u043c\u0435\u043d\u0438\u0442\u044c, code-signing certificate \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434, \u043a\u0430\u043a \u043f\u043e\u0434\u043f\u0438\u0441\u0430\u043d\u043d\u044b\u0439 \u0438 \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u0439. \u041d\u043e \u044d\u0442\u043e \u0435\u0449\u0435 \u043d\u0435 \u0432\u0441\u0435, \u043f\u043e\u0432\u0435\u0440\u0445\u043d\u043e\u0441\u0442\u044c \u0430\u0442\u0430\u043a\u0438 \u0437\u0434\u0435\u0441\u044c \u0433\u043e\u0440\u0430\u0437\u0434\u043e \u0431\u043e\u043b\u044c\u0448\u0435:\n\n- HTTPS connections\n- Signed files and emails\n- Signed executable code (user-mode)\n\n\u0412\u0441\u0435 \u0432\u0435\u0440\u0441\u0438\u0438 MS Win \u0438\u043c\u0435\u044e\u0449\u0438\u0435 \u043d\u0430 \u0431\u043e\u0440\u0442\u0443 CryptoAPI \u0438 Microsoft ECC Product Root Certificate, \u0430 \u044d\u0442\u043e \u0440\u043e\u0432\u043d\u044b\u043c \u0441\u0447\u0435\u0442\u043e\u043c \u0432\u0441\u0435 \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u0435\u043c\u044b\u0435 \u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442 \u0432\u0435\u0440\u0441\u0438\u0438 \u041e\u0421. \u0418\u043d\u0442\u0440\u0438\u0433\u0430 \u043f\u043e \u043f\u043e\u0432\u043e\u0434\u0443 \u0440\u0430\u0441\u043a\u0440\u044b\u0442\u0438\u044f \u044d\u0442\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043d\u0435 \u0431\u044b\u043b\u0430 \u0431\u044b \u043f\u043e\u043b\u043d\u043e\u0439, \u0435\u0441\u043b\u0438 \u043d\u0435 \u0443\u043f\u043e\u043c\u044f\u043d\u0443\u0442\u044c, \u0447\u0442\u043e \u0437\u0430\u0440\u0435\u043f\u043e\u0440\u0442\u0438\u043b \u0435\u0435 \u0432 MS \u043d\u0438\u043a\u0442\u043e \u0438\u043d\u043e\u0439, \u043a\u0430\u043a NSA. \n\nhttps://www.nsa.gov/News-Features/News-Stories/Article-View/Article/2056772/a-very-important-patch-tuesday/\n\nhttps://portal.msrc.microsoft.com/en-us/security-guidance/adviso\n\nhttps://msrc-blog.microsoft.com/2020/01/14/january-2020-security-updates-cve-2020-0601/", "creation_timestamp": "2020-01-15T01:09:04.000000Z"}, {"uuid": "d7e1f8b6-7e20-42ef-b722-9b3056564757", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/ics_cert/226", "content": "\u26a0\ufe0f \u0647\u0634\u062f\u0627\u0631\u2757\ufe0f \n\ud83d\udd34 \u06a9\u0634\u0641 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc \u0631\u0648\u06cc \u062a\u0645\u0627\u0645\u06cc \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632\u060c \u0627\u0639\u0645 \u0627\u0632 \u0648\u06cc\u0646\u062f\u0648\u0632 \u0633\u0631\u0648\u0631 \u0648 \u062f\u0633\u06a9\u062a\u0627\u067e ( \u0627\u0632 XP \u062a\u0627 \u0648\u06cc\u0646\u062f\u0648\u0632 10 \u0648 \u062d\u062a\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632 \u0633\u0631\u0648\u0631 2016 \u0648 2019! )\n\n\ud83d\udd37 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0631\u0648\u06cc \u06cc\u06a9 \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 \u0627\u0632 \u0648\u06cc\u0646\u062f\u0648\u0632 \u0628\u0647 \u0646\u0627\u0645 crypt32.dll \u06a9\u0647 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647\u200c\u0647\u0627 \u0648 \u0645\u0633\u0627\u0626\u0644 \u0645\u0631\u0628\u0648\u0637 \u0631\u0645\u0632\u0646\u06af\u0627\u0631\u06cc \u0631\u0627 \u0628\u0631 \u0639\u0647\u062f\u0647 \u062f\u0627\u0631\u062f \u0648 \u06a9\u0627\u0631\u06a9\u0631\u062f \u0645\u0647\u0645 \u0622\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a\u060c \u062d\u0641\u0627\u0638\u062a \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u062f\u0631 \u0645\u0631\u0648\u0631\u06af\u0631\u0647\u0627\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632\u06cc \u0648 ... \u0627\u0633\u062a \u06a9\u0634\u0641 \u0634\u062f\u0647 \u0648 \u062d\u062a\u06cc TLS \u0631\u0627 \u0646\u06cc\u0632 \u062a\u062d\u062a \u062a\u0627\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f. \n\n\ud83d\udd36 \u0627\u06cc\u0646 \u0628\u062f\u0627\u0646 \u0645\u0639\u0646\u0627\u0633\u062a \u06a9\u0647 \u0647\u0631 \u062f\u0648\u0644\u062a \u06cc\u0627 \u0645\u0647\u0627\u062c\u0645 \u0633\u0627\u0632\u0645\u0627\u0646 \u06cc\u0627\u0641\u062a\u0647\u200c\u0627\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062f\u0633\u062a \u0628\u0647 \u062c\u0639\u0644 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 SSL \u0632\u062f\u0647 \u0648 \u062a\u0631\u0627\u0641\u06cc\u06a9 \u0631\u062f \u0648 \u0628\u062f\u0644 \u0634\u062f\u0647 \u0631\u0627 \u0628\u062e\u0648\u0627\u0646\u062f \u062d\u062a\u06cc \u0627\u06af\u0631 \u0648\u0628\u200c\u0633\u0627\u06cc\u062a \u0645\u0632\u0628\u0648\u0631 \u0627\u0632 \u067e\u0631\u0648\u062a\u06a9\u0644 HTTPS \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0646\u0645\u0627\u06cc\u062f.\n\n\u2705 \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u06af\u0631\u062f\u062f \u06a9\u0647 \u0645\u062f\u06cc\u0631\u0627\u0646 \u0634\u0628\u06a9\u0647 \u0633\u0627\u0632\u0645\u0627\u0646\u200c\u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u0648 \u062a\u0645\u0627\u0645\u06cc \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0647\u0631 \u0686\u0647 \u0633\u0631\u06cc\u0639\u062a\u0631 \u0628\u0647 \u0646\u0635\u0628 \u0648\u0635\u0644\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CVE-2020-0601 \u0627\u0642\u062f\u0627\u0645 \u0646\u0645\u0627\u06cc\u0646\u062f.\n\n\ud83e\udd81\u00ab\u06a9\u062a\u0627\u0633\u00bb\n\u200fhttp://t.me/ict_security", "creation_timestamp": "2020-01-15T17:07:01.000000Z"}, {"uuid": "59e44f2b-68bd-4b15-a197-ce943d242eca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/ics_cert/210", "content": "\u26a0\ufe0f \u0647\u0634\u062f\u0627\u0631\u2757\ufe0f \n\ud83d\udd34 \u06a9\u0634\u0641 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0628\u062d\u0631\u0627\u0646\u06cc \u0631\u0648\u06cc \u062a\u0645\u0627\u0645\u06cc \u0646\u0633\u062e\u0647\u200c\u0647\u0627\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632\u060c \u0627\u0639\u0645 \u0627\u0632 \u0648\u06cc\u0646\u062f\u0648\u0632 \u0633\u0631\u0648\u0631 \u0648 \u062f\u0633\u06a9\u062a\u0627\u067e ( \u0627\u0632 XP \u062a\u0627 \u0648\u06cc\u0646\u062f\u0648\u0632 10 \u0648 \u062d\u062a\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632 \u0633\u0631\u0648\u0631 2016 \u0648 2019! )\n\n\ud83d\udd37 \u0627\u06cc\u0646 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc \u0631\u0648\u06cc \u06cc\u06a9 \u06a9\u062a\u0627\u0628\u062e\u0627\u0646\u0647 \u0627\u0632 \u0648\u06cc\u0646\u062f\u0648\u0632 \u0628\u0647 \u0646\u0627\u0645 crypt32.dll \u06a9\u0647 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647\u200c\u0647\u0627 \u0648 \u0645\u0633\u0627\u0626\u0644 \u0645\u0631\u0628\u0648\u0637 \u0631\u0645\u0632\u0646\u06af\u0627\u0631\u06cc \u0631\u0627 \u0628\u0631 \u0639\u0647\u062f\u0647 \u062f\u0627\u0631\u062f \u0648 \u06a9\u0627\u0631\u06a9\u0631\u062f \u0645\u0647\u0645 \u0622\u0646 \u0627\u062d\u0631\u0627\u0632 \u0647\u0648\u06cc\u062a\u060c \u062d\u0641\u0627\u0638\u062a \u062f\u0627\u062f\u0647\u200c\u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u062f\u0631 \u0645\u0631\u0648\u0631\u06af\u0631\u0647\u0627\u06cc \u0648\u06cc\u0646\u062f\u0648\u0632\u06cc \u0648 ... \u0627\u0633\u062a \u06a9\u0634\u0641 \u0634\u062f\u0647 \u0648 \u062d\u062a\u06cc TLS \u0631\u0627 \u0646\u06cc\u0632 \u062a\u062d\u062a \u062a\u0627\u062b\u06cc\u0631 \u0642\u0631\u0627\u0631 \u0645\u06cc\u200c\u062f\u0647\u062f. \n\n\ud83d\udd36 \u0627\u06cc\u0646 \u0628\u062f\u0627\u0646 \u0645\u0639\u0646\u0627\u0633\u062a \u06a9\u0647 \u0647\u0631 \u062f\u0648\u0644\u062a \u06cc\u0627 \u0645\u0647\u0627\u062c\u0645 \u0633\u0627\u0632\u0645\u0627\u0646 \u06cc\u0627\u0641\u062a\u0647\u200c\u0627\u06cc \u0645\u06cc\u200c\u062a\u0648\u0627\u0646\u062f \u062f\u0633\u062a \u0628\u0647 \u062c\u0639\u0644 \u06af\u0648\u0627\u0647\u06cc\u0646\u0627\u0645\u0647 SSL \u0632\u062f\u0647 \u0648 \u062a\u0631\u0627\u0641\u06cc\u06a9 \u0631\u062f \u0648 \u0628\u062f\u0644 \u0634\u062f\u0647 \u0631\u0627 \u0628\u062e\u0648\u0627\u0646\u062f \u062d\u062a\u06cc \u0627\u06af\u0631 \u0648\u0628\u200c\u0633\u0627\u06cc\u062a \u0645\u0632\u0628\u0648\u0631 \u0627\u0632 \u067e\u0631\u0648\u062a\u06a9\u0644 HTTPS \u0627\u0633\u062a\u0641\u0627\u062f\u0647 \u0646\u0645\u0627\u06cc\u062f.\n\n\u2705 \u062a\u0648\u0635\u06cc\u0647 \u0645\u06cc\u200c\u06af\u0631\u062f\u062f \u06a9\u0647 \u0645\u062f\u06cc\u0631\u0627\u0646 \u0634\u0628\u06a9\u0647 \u0633\u0627\u0632\u0645\u0627\u0646\u200c\u0647\u0627\u06cc \u062d\u0633\u0627\u0633 \u0648 \u062a\u0645\u0627\u0645\u06cc \u06a9\u0627\u0631\u0628\u0631\u0627\u0646 \u0647\u0631 \u0686\u0647 \u0633\u0631\u06cc\u0639\u062a\u0631 \u0628\u0647 \u0646\u0635\u0628 \u0648\u0635\u0644\u0647 \u0622\u0633\u06cc\u0628\u200c\u067e\u0630\u06cc\u0631\u06cc CVE-2020-0601 \u0627\u0642\u062f\u0627\u0645 \u0646\u0645\u0627\u06cc\u0646\u062f.\n\n\ud83e\udd81\u00ab\u06a9\u062a\u0627\u0633\u00bb\n\u200fhttp://t.me/ict_security", "creation_timestamp": "2020-01-15T17:07:04.000000Z"}, {"uuid": "c970799a-e415-4da1-8bed-73ced18cd0e1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/BleepingComputer/6608", "content": "Google Chrome Adds Protection for NSA's Windows CryptoAPI Flaw\n\nGoogle just released Chrome\u00a079.0.3945.130, which will now detect certificates that attempt to exploit the NSA discovered\u00a0CVE-2020-0601 CryptoAPI Windows vulnerability. [...]\n\nhttps://www.bleepingcomputer.com/news/security/google-chrome-adds-protection-for-nsas-windows-cryptoapi-flaw/", "creation_timestamp": "2020-01-16T22:22:27.000000Z"}, {"uuid": "cd8e97b9-c606-4ee8-9787-90d2ed388070", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/BleepingComputer/6605", "content": "PoCs for Windows CryptoAPI Bug Are Out, Show Real-Life Exploit Risks\n\nProof-of-concept exploit code is now available for the Windows CryptoAPI\u00a0spoofing vulnerability tracked as CVE-2020-0601 and reported by the National Security Agency (NSA), just two days after Microsoft released a patch. [...]\n\nhttps://www.bleepingcomputer.com/news/security/pocs-for-windows-cryptoapi-bug-are-out-show-real-life-exploit-risks/", "creation_timestamp": "2020-01-16T19:08:14.000000Z"}, {"uuid": "0d3fdd4b-ca67-4ebd-9e75-d0cf1aba1b85", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/BleepingComputer/6591", "content": "NSA's First Public Vulnerability Disclosure: An Effort to Build Trust\n\nThe U.S. National Security Agency (NSA) started a new chapter after discovering and reporting to Microsoft a vulnerability tracked as CVE-2020-0601 and impacting Windows 10 and Windows Server systems. [...]\n\nhttps://www.bleepingcomputer.com/news/security/nsas-first-public-vulnerability-disclosure-an-effort-to-build-trust/", "creation_timestamp": "2020-01-15T15:17:47.000000Z"}, {"uuid": "6048338b-effc-417a-a121-5de5f5f8969d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/BleepingComputer/6616", "content": "How Malware Gains Trust by Abusing the Windows CryptoAPI Flaw\n\nThe new Windows CryptoAPI CVE-2020-0601 vulnerability disclosed by the NSA can be abused by malware developers to sign their executables so that they appear to be from legitimate companies. This creates trust in the program, which may cause a user to be more willing to execute them. [...]\n\nhttps://www.bleepingcomputer.com/news/security/how-malware-gains-trust-by-abusing-the-windows-cryptoapi-flaw/", "creation_timestamp": "2020-01-17T21:36:01.000000Z"}, {"uuid": "b1610400-b8ac-484d-afc6-2a1163e88d3b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/alexmakus/3235", "content": "Patch Tuesday \u0443\u0436\u0435 \u0437\u0434\u0435\u0441\u044c, \u043d\u043e \u0432\u0441\u0435 \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u043d\u0435 \u0442\u0430\u043a \u043f\u043b\u043e\u0445\u043e, \u043a\u0430\u043a \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c\u0438 NSA, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e \u043d\u0435\u0439 \u0432 Microsoft. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0438\u043c\u0438\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0446\u0438\u0444\u0440\u043e\u0432\u044b\u0435 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u043e \u0431\u044b \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043f\u043e\u0434 \u0432\u0438\u0434\u043e\u043c \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u0445. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u043c\u0435\u0447\u0435\u043d\u0430 \u043a\u0430\u043a \"\u0432\u0430\u0436\u043d\u0430\u044f\", \u0430 \u043d\u0435 \"\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f\", \u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432\u0440\u043e\u0434\u0435 \u043a\u0430\u043a \u043d\u0435 \u0432\u0438\u0434\u043d\u043e. \u041f\u0430\u0442\u0447 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0434\u043b\u044f Windows 10, Windows Server 2016 \u0438 Windows Server 2019. \n\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601\n\nPS \u0430 \u0448\u0443\u043c\u0443 \u0442\u043e \u0431\u044b\u043b\u043e. \u041d\u0435 \u0437\u0440\u044f \u0433\u043e\u0432\u043e\u0440\u044f\u0442, \u0447\u0442\u043e \u0440\u0430\u0441\u0445\u0430\u0439\u043f\u0438\u043b\u0438 \u044d\u0442\u0443 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0438\u0437-\u0437\u0430 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0435\u0451 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 NSA \u0438 \u0432\u043c\u0435\u0441\u0442\u043e \u0442\u043e\u0433\u043e, \u0447\u0442\u043e\u0431\u044b \u0432\u0442\u0438\u0445\u0430\u0440\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c, \u0432 \u043a\u043e\u0438-\u0442\u043e \u0432\u0435\u043a\u0438 \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0430\u0441\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439 \u043e \u043d\u0435\u0439 \u0441 \u0432\u0435\u043d\u0434\u043e\u0440\u043e\u043c. \u041d\u0430\u0432\u0435\u0440\u043d\u044f\u043a\u0430 \u043f\u044b\u0442\u0430\u044e\u0442\u0441\u044f \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u044e \u0440\u0435\u043f\u0443\u0442\u0430\u0446\u0438\u044e \u043f\u043e\u0441\u043b\u0435 \u043e\u0431\u043e\u0441\u0440\u0430\u0442\u0443\u0448\u0435\u043a \u0441 EternalBlue, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0443\u0442\u0435\u043a\u043b\u0430 \u043f\u0430\u0440\u0443 \u043b\u0435\u0442 \u043d\u0430\u0437\u0430\u0434 \u0438 \u0441 \u0442\u0435\u0445 \u043f\u043e\u0440 \u043d\u0430\u0434\u0435\u043b\u0430\u043b\u0430 \u0432\u0440\u0435\u0434\u0430.\n\n\u041e\u0411\u041d. \u0432\u043e\u0442 \u0435\u0449\u0435 \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 NSA \nhttps://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF", "creation_timestamp": "2020-01-14T18:44:30.000000Z"}, {"uuid": "6417ec67-ba4b-4e5d-bc01-40a70fbe1070", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/cybershit/652", "content": "\u0412\u0447\u0435\u0440\u0430 \u0410\u041d\u0411 \u0437\u0430\u0440\u0435\u043f\u043e\u0440\u0442\u0438\u043b\u043e \u0432 Microsoft \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0443\u044e \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0443\u044e \u0441 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u043e\u0439 Crypt32.dll, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0438\u0432\u0430\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 \u043f\u043e\u0434\u043b\u0438\u043d\u043d\u043e\u0441\u0442\u0438 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0432 ECC Windows CryptoAPI.\n\n\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u0443\u0447\u0438\u043b\u0430 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 NSACrypt (CVE-2020-0601) \u0438 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 Windows 10 \u0438 Windows Server 2016/19.\n\n\u0421\u0443\u0442\u044c \u0437\u0430\u043a\u043b\u044e\u0447\u0430\u0435\u0442\u0441\u044f \u0432 \u0442\u043e\u043c, \u0447\u0442\u043e \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a, \u0432\u043e\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0432\u0448\u0438\u0441\u044c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\u044e, \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0434\u0434\u0435\u043b\u0430\u0442\u044c \u0446\u0438\u0444\u0440\u043e\u0432\u0443\u044e \u043f\u043e\u0434\u043f\u0438\u0441\u044c \u0438\u0441\u043f\u043e\u043b\u043d\u044f\u0435\u043c\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u043d\u0430 \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u0443\u044e \u0438 \u043f\u043e\u043d\u044f\u0442\u044c, \u0447\u0442\u043e \u0444\u0430\u0439\u043b \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u0431\u0443\u0434\u0435\u0442 \u043f\u0440\u0430\u043a\u0442\u0438\u0447\u0435\u0441\u043a\u0438 \u043d\u0435\u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e. \u041f\u043e\u043c\u0438\u043c\u043e \u044d\u0442\u043e\u0433\u043e \u043c\u043e\u0436\u043d\u043e \u0434\u0435\u043b\u0430\u0442\u044c MITM \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u043b\u044e\u0431\u043e\u0433\u043e \u0441\u043a\u043e\u043c\u043f\u0440\u043e\u043c\u0435\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u041f\u041e.\n\n\u0423\u0436\u0435 \u0432\u044b\u043f\u0443\u0449\u0435\u043d\u044b \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 &gt;  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601\n\u0420\u0435\u043f\u043e\u0440\u0442 &gt; https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF\n\u041f\u043e\u0434\u0440\u043e\u0431\u043d\u0435\u0435 &gt; https://gist.github.com/SwitHak/62fa7f8df378cae3a459670e3a18742d", "creation_timestamp": "2020-01-15T08:21:34.000000Z"}, {"uuid": "6469f1cf-a82d-44af-83db-d321272660e5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/is_n3ws/36", "content": "\u0410\u041d\u0411 \u043f\u0440\u043e\u0430\u043d\u0430\u043b\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u043b\u043e \u0430\u0442\u0430\u043a\u0438 \u043a\u0438\u0442\u0430\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u0430\u0432\u0438\u0442\u0435\u043b\u044c\u0441\u0432\u0442\u0432\u0435\u043d\u043d\u044b\u0445 \u0445\u0430\u043a\u0435\u0440\u043e\u0432 \u0438 \u0432\u044b\u043f\u0443\u0441\u0442\u0438\u043b\u043e \u043e\u0442\u0447\u0435\u0442. Top-20 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u0443\u0435\u043c\u044b\u0445 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439.\n\nhttps://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF\n\nGaining Remote Access: \n-----------------------------\nCVE-2019-11510: Arbitrary file read/Pulse Secure VPN\nCVE-2019-19781: RCE/Citrix ADC\nCVE-2020-8195/3/6: Unauthenticated access\nCVE-2019-0708: RCE on RDP server\nCVE-2020-5902: RCE in F5 BIG-IP\n\nAD:\n----\nCVE-2020-1472: #ZeroLogon\nCVE-2019-1040: NTLM relay bypass\n\nMDM: \n------\nCVE-2020-15505: MobileIron device management\n\nExploiting Public Facing Services:\n---------------- \nCVE-2020-1350: RCE/ DNS Servers #SigRed\nCVE-2018-6789: RCE/ Exim mail transfer\nCVE-2018-4939: RCE/ Adobe's Cold Fusion\n\nWorkstation Local Privilege Escalation:\n-------------------------\nCVE-2020-0601: ECC spoofing #CurveBall\nCVE-2019-0803: Win32k Elevation of Privilege\n\nInternal Applications:\n--------------------\nCVE-2020-0688: RCE/MS Exchange\nCVE-2020-2555: RCE/Oracle Weblogic\nCVE-2019-11580: RCE/Atlassian Crowd\nCVE-2019-18935: RCE/ASP.Net\nCVE-2015-4852: RCE/Apache\nCVE-2019-3396: Unauthorized Access/Confluence\nCVE-2020-10189: RCE/Desktop Central", "creation_timestamp": "2020-11-06T22:00:17.000000Z"}, {"uuid": "e5c33ef0-d57c-4eaa-9e6a-f5953a7b010f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/cybershit/653", "content": "\u041a\u0441\u0442\u0430\u0442\u0438, \u043f\u043e\u043c\u0438\u043c\u043e CVE-2020-0601, \u0432 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u043c \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0438 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 Microsoft \u0442\u0430\u043a\u0436\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 RCE \u0432 Windows Remote Desktop Gateway (CVE-2020-0609, CVE-2020-0610) \u0438 Remote Desktop Client (CVE-2020-0611), \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u044e\u0442 \u0432 \u0442\u043e\u043c \u0447\u0438\u0441\u043b\u0435 Windows 7 \u0438 Server 2008 R2, \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u0445 \u0441 \u0441\u0435\u0433\u043e\u0434\u043d\u044f\u0448\u043d\u0435\u0433\u043e \u0434\u043d\u044f \u043e\u0444\u0438\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043f\u0440\u0435\u043a\u0440\u0430\u0449\u0435\u043d\u0430.\n\nhttps://www.us-cert.gov/ncas/alerts/aa20-014a", "creation_timestamp": "2020-01-15T08:34:29.000000Z"}, {"uuid": "650a2e6b-6fe0-41f9-a6c7-6d6fe84c14dc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/w2hack/326", "content": "\u0414\u0440\u0443\u0437\u044c\u044f, \u0430 \u0432\u043e\u0442 \u043d\u0435\u0431\u043e\u043b\u044c\u0448\u043e\u0439 \u043f\u043e\u0434\u0433\u043e\u043d fresh \u043d\u043e\u0432\u043e\u0441\u0442\u0435\u0439 \u0437\u0430 \u043d\u0430\u0447\u0430\u043b\u043e 2020 \u0433\u043e\u0434\u0430! \u0422\u043e\u043b\u044c\u043a\u043e \u0437\u0430\u043a\u043e\u043d\u0447\u0438\u043b\u0438\u0441\u044c \u043f\u0440\u0430\u0437\u0434\u043d\u0438\u043a\u0438, \u0430 \u0434\u0435\u043b \u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u0441\u044f \u0431\u043e\u043b\u044c\u0448\u0435\n\nWindows \u043e\u043f\u044f\u0442\u044c \u043f\u043e\u0438\u043c\u0435\u043b\u0438 \u043a\u0430\u043a \u0442\u043e\u043b\u044c\u043a\u043e \u043c\u043e\u0433\u043b\u0438! MS \u0441\u043d\u044f\u043b \u0441 \u0441\u0443\u043f\u043f\u043e\u0440\u0442\u0430 Win7 \u0438 \u0436\u0438\u0434\u043a\u043e \u0441\u0435\u0440\u0430\u0443\u043d\u043b \u043d\u043e\u0432\u044b\u043c \u0431\u0430\u0433\u043e\u043c CVE-2020-0601\n\n[News] https://habr.com/ru/company/solarsecurity/news/t/484000/\n[PoC \u0438 \u0441\u043e\u0440\u0446\u044b] https://gist.github.com/SwitHak/62fa7f8df378cae3a459670e3a18742d\n[\u0425\u0431\u043b\u043e\u0438\u0414] https://github.com/ollypwn/cve-2020-0601\n\n\u0410\u043d\u0430\u043b\u0438\u0437 \u00ab\u0433\u0440\u043e\u043c\u043a\u0438\u0445\u00bb \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u043e\u0432 \u0432 \u0441\u0444\u0435\u0440\u0435 \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0432 2019 \u0433\u043e\u0434\u0443 - \u043f\u043e\u0434\u0433\u043e\u043d \u0434\u043b\u044f \u043c\u043e\u043b\u043e\u0434\u0435\u0436\u0438, \u043a\u0442\u043e \u043f\u0438\u0448\u0435\u0442 \u0440\u0435\u0444\u0435\u0440\u0430\u0442\u044b \u0438\u043b\u0438 \u043a\u0443\u0440\u0441\u0430\u0447\u0438 \u0438\u043b\u0438 \u0441\u0442\u0430\u0442\u044c\u0438 \u043d\u0430 \u043a\u043e\u043d\u0444\u0435\u0440\u0435\u043d\u0446\u0438\u0438\nhttp://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%90%D0%BD%D0%B0%D0%BB%D0%B8%D0%B7_%D0%B3%D1%80%D0%BE%D0%BC%D0%BA%D0%B8%D1%85_%D0%B8%D0%BD%D1%86%D0%B8%D0%B4%D0%B5%D0%BD%D1%82%D0%BE%D0%B2_%D0%B2_%D1%81%D1%84%D0%B5%D1%80%D0%B5_%D0%B8%D0%BD%D1%84%D0%BE%D1%80%D0%BC%D0%B0%D1%86%D0%B8%D0%BE%D0%BD%D0%BD%D0%BE%D0%B9_%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D0%B8_%D0%B2_2019_%D0%B3%D0%BE%D0%B4%D1%83\n\nKubernetes: \u043f\u043e\u0447\u0435\u043c\u0443 \u0442\u0430\u043a \u0432\u0430\u0436\u043d\u043e \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438 \u0441\u0438\u0441\u0442\u0435\u043c\u044b? - \u044f \u0443\u0436\u0435 \u043f\u0438\u0441\u0430\u043b \u043e\u0431 \u044d\u0442\u043e\u043c \u0432 \u043c\u0430\u0442\u0435\u0440\u0438\u0430\u043b\u0430\u0445 \u0440\u0430\u0441\u043f\u043b\u043e\u0436\u0435\u043d\u043d\u044b\u0445 \u043d\u0430 ][\u0430\u043a\u0435\u0440\u0435, \u0435\u0449\u0435 \u0440\u0430\u0437 \u0442\u043e\u0436\u0435 \u0441\u0430\u043c\u043e\u0435, \u043d\u043e \u043e\u0442 \u0434\u0440\u0443\u0433\u043e\u0433\u043e \u0430\u0432\u0442\u043e\u0440\u0430 \nhttps://habr.com/ru/company/nixys/blog/480072/\n\n\u0414\u043b\u044f \u0442\u0435\u0445, \u043a\u0442\u043e \u0440\u043e\u0431\u0438\u0442 \u0432 \u0431\u0430\u043d\u043a\u0430\u0445 \u043d\u043e\u0432\u044b\u0435 \u043a\u043e\u043c\u0435\u043d\u0442\u044b \u043f\u043e \u043d\u043e\u0440\u043c\u0430\u0442\u0438\u0432\u043a\u0435, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0437\u0430\u044e\u0437\u0430\u0435\u0442\u0441\u044f \u0432 2020\nhttps://habr.com/ru/post/483844/\n\n\u0421\u0431\u043e\u0439 \u0432 \u0440\u0430\u0431\u043e\u0442\u0435 \u0420\u043e\u0441\u0440\u0435\u0435\u0441\u0442\u0440\u0430! \u0414\u0430, \u043b\u0430\u0434\u043d\u043e, \u0441\u043d\u043e\u0432\u0430 \u043f\u0440\u043e\u0435\u0431\u0430\u043b\u0438!? \u0410 \u043d\u0435\u0435\u0435\u0442, \u0433\u043e\u0432\u043e\u0440\u044f\u0442 \u044d\u0442\u043e \u0432\u0441\u0435 \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0435 \u041f\u041e \u0432\u0438\u043d\u043e\u0432\u0430\u0442\u043e\nhttps://www.kommersant.ru/doc/3731094?fbclid=IwAR3W4AdLwygZ00SbjZb5dj4U_Ft-UBgD5MK4Wj7QuvEjJcQTQnHxD4zjH8w", "creation_timestamp": "2020-01-16T15:00:04.000000Z"}, {"uuid": "177f68d6-d911-4ac1-81cb-b7511e154461", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/ctinow/19640", "content": "Looking for silver linings in the CVE-2020-0601 crypto vulnerability\n\nhttps://ift.tt/37nVS4n", "creation_timestamp": "2020-01-23T14:44:15.000000Z"}, {"uuid": "44c35f96-e568-4a75-8143-6b88d4394463", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/ctinow/19472", "content": "Using the CVE-2020-0601 vulnerability, attackers can create code-signing certificates that spoof legitimate companies. For example, a malware can appear to be from Microsoft. http://twitter.com/BleepinComputer/status/1218271295361765378", "creation_timestamp": "2020-01-17T21:50:38.000000Z"}, {"uuid": "560d9a3f-e7ff-4e0c-aa81-893069882712", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/ctinow/19427", "content": "Google has added protections for the CVE-2020-0601 CryptoAPI Windows vulnerability in Chrome 79.0.3945.130 that was released today. http://twitter.com/BleepinComputer/status/1217935719429214211", "creation_timestamp": "2020-01-16T23:50:35.000000Z"}, {"uuid": "c9b71650-01f5-4292-a038-28ac083975c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/ctinow/19469", "content": "Attack scenarios for the Windows CVE-2020-0601 vulnerability have mostly focused on web scenarios, but malware distributors can also abuse it to make their executables appear more trustworthy. http://twitter.com/BleepinComputer/status/1218271291930824711", "creation_timestamp": "2020-01-17T21:50:36.000000Z"}, {"uuid": "44c929b7-10f6-41e0-9b5a-6fab6e958b93", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/ctinow/19345", "content": "Microsoft Patches Windows Vuln Discovered by the NSA  The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.  https://www.darkreading.com/threat-intelligence/microsoft-patches-windows-vuln-discovered-by-the-nsa-/d/d-id/1336807?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple", "creation_timestamp": "2020-01-15T01:32:16.000000Z"}, {"uuid": "166b5bc8-bde0-4490-9841-d396ccda7e4c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/ctinow/19339", "content": "RT @AmitaiTechie: Windows Defender Antivirus detects files w/crafted certificates exploiting the certificate validation vulnerability:\n\u200bExploit:Win32/CVE-2020-0601.A (PE files)\nExploit:Win32/CVE-2020-0601.B (Scripts)\nAlso, #Microsoft Defender ATP has a threat report on your posture. #CVE-2020-0601 https://t.co/dFqJV5za8F http://twitter.com/BleepinComputer/status/1217208176191463425", "creation_timestamp": "2020-01-14T23:37:05.000000Z"}, {"uuid": "07b292e8-c515-4583-b97d-578c66c8eef7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/cyberguerre/31", "content": "Patch Tuesday \u0443\u0436\u0435 \u0437\u0434\u0435\u0441\u044c, \u043d\u043e \u0432\u0441\u0435 \u043e\u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c \u043d\u0435 \u0442\u0430\u043a \u043f\u043b\u043e\u0445\u043e, \u043a\u0430\u043a \u0438\u0437\u043d\u0430\u0447\u0430\u043b\u044c\u043d\u043e \u043a\u0430\u0437\u0430\u043b\u043e\u0441\u044c. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0431\u044b\u043b\u0430 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u0430\u043c\u0438 NSA, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u043e\u043e\u0431\u0449\u0438\u043b\u0438 \u043e \u043d\u0435\u0439 \u0432 Microsoft. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0442\u044c \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430\u043c \u0438\u043c\u0438\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0446\u0438\u0444\u0440\u043e\u0432\u044b\u0435 \u043f\u043e\u0434\u043f\u0438\u0441\u0438 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u0439, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u043b\u043e \u0431\u044b \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0435 \u043f\u0440\u0438\u043b\u043e\u0436\u0435\u043d\u0438\u044f \u043f\u043e\u0434 \u0432\u0438\u0434\u043e\u043c \u043b\u0435\u0433\u0438\u0442\u0438\u043c\u043d\u044b\u0445. \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043e\u0442\u043c\u0435\u0447\u0435\u043d\u0430 \u043a\u0430\u043a \"\u0432\u0430\u0436\u043d\u0430\u044f\", \u0430 \u043d\u0435 \"\u043a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0430\u044f\", \u0438 \u0430\u043a\u0442\u0438\u0432\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0432\u0440\u043e\u0434\u0435 \u043a\u0430\u043a \u043d\u0435 \u0432\u0438\u0434\u043d\u043e. \u041f\u0430\u0442\u0447 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u0434\u043b\u044f Windows 10, Windows Server 2016 \u0438 Windows Server 2019. \n\nhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601\n\nPS \u0430 \u0448\u0443\u043c\u0443 \u0442\u043e \u0431\u044b\u043b\u043e. \u041d\u0435 \u0437\u0440\u044f \u0433\u043e\u0432\u043e\u0440\u044f\u0442, \u0447\u0442\u043e \u0440\u0430\u0441\u0445\u0430\u0439\u043f\u0438\u043b\u0438 \u044d\u0442\u0443 \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0443 \u0438\u0437-\u0437\u0430 \u0442\u043e\u0433\u043e, \u0447\u0442\u043e \u0435\u0451 \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0430 NSA \u0438 \u0432\u043c\u0435\u0441\u0442\u043e \u0442\u043e\u0433\u043e, \u0447\u0442\u043e\u0431\u044b \u0432\u0442\u0438\u0445\u0430\u0440\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c, \u0432 \u043a\u043e\u0438-\u0442\u043e \u0432\u0435\u043a\u0438 \u043f\u043e\u0434\u0435\u043b\u0438\u043b\u0430\u0441\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u0435\u0439 \u043e \u043d\u0435\u0439 \u0441 \u0432\u0435\u043d\u0434\u043e\u0440\u043e\u043c. \u041d\u0430\u0432\u0435\u0440\u043d\u044f\u043a\u0430 \u043f\u044b\u0442\u0430\u044e\u0442\u0441\u044f \u0432\u043e\u0441\u0441\u0442\u0430\u043d\u043e\u0432\u0438\u0442\u044c \u0441\u0432\u043e\u044e \u0440\u0435\u043f\u0443\u0442\u0430\u0446\u0438\u044e \u043f\u043e\u0441\u043b\u0435 \u043e\u0431\u043e\u0441\u0440\u0430\u0442\u0443\u0448\u0435\u043a \u0441 EternalBlue, \u043a\u043e\u0442\u043e\u0440\u0430\u044f \u0443\u0442\u0435\u043a\u043b\u0430 \u043f\u0430\u0440\u0443 \u043b\u0435\u0442 \u043d\u0430\u0437\u0430\u0434 \u0438 \u0441 \u0442\u0435\u0445 \u043f\u043e\u0440 \u043d\u0430\u0434\u0435\u043b\u0430\u043b\u0430 \u0432\u0440\u0435\u0434\u0430.\n\n\u041e\u0411\u041d. \u0432\u043e\u0442 \u0435\u0449\u0435 \u0441\u0441\u044b\u043b\u043a\u0430 \u043d\u0430 NSA \nhttps://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF", "creation_timestamp": "2020-01-14T21:49:26.000000Z"}, {"uuid": "8731600f-7832-495b-af3f-fd2ed7012b2e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "Telegram/0sD_EyHySREvSWLaWKL-XHqTqDduPkHhIy1vEKF4pCPQbv8", "content": "", "creation_timestamp": "2020-10-28T02:58:38.000000Z"}, {"uuid": "fc8754c5-5327-4921-af2a-59e3f4313d45", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/information_security_channel/34094", "content": "Microsoft Patches Windows Vuln Discovered by the NSA\nhttps://www.darkreading.com/threat-intelligence/microsoft-patches-windows-vuln-discovered-by-the-nsa-/d/d-id/1336807?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\n\nThe National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.", "creation_timestamp": "2020-01-15T00:49:19.000000Z"}, {"uuid": "098822a7-be64-4f0e-9fa0-5c19e33e9867", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "exploited", "source": "https://t.me/information_security_channel/34141", "content": "PoC Exploits Released for Crypto Vulnerability Found by NSA\nhttp://feedproxy.google.com/~r/Securityweek/~3/1n2Ugx2e268/poc-exploits-released-crypto-vulnerability-found-nsa\n\nSeveral proof-of-concept (PoC) exploits have already been created \u2014 and some of them have been made public \u2014 for CVE-2020-0601, the crypto-related Windows vulnerability that Microsoft patched  (https://www.securityweek.com/nsa-discloses-serious-windows-vulnerability-microsoft)recently after being notified by the U.S. National Security Agency.\nread more (https://www.securityweek.com/poc-exploits-released-crypto-vulnerability-found-nsa)", "creation_timestamp": "2020-01-16T16:09:19.000000Z"}, {"uuid": "ecb38b78-320b-4f30-adbe-e5eb11704960", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "exploited", "source": "https://t.me/information_security_channel/34160", "content": "Proof-of-Concept Exploits Released for The Microsoft-NSA Crypto vulnerability \u2013 CVE-2020-0601\nhttps://gbhackers.com/poc-exploit-cve-2020-0601/", "creation_timestamp": "2020-01-17T03:59:35.000000Z"}, {"uuid": "cf3ab4d5-d1ad-4c21-a12c-4e4f9be7b7b4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "exploited", "source": "https://t.me/information_security_channel/34162", "content": "Less than a day after Microsoft disclosed one of the most critical Windows vulnerabilities ever, security researchers have published PoC Exploit that explains how attackers can exploit the Windows CryptoAPI Spoofing bug with cryptographically impersonate any website or server on the Internet. Microsoft\u2019s January Patch Tuesday security bulletin disclosed the importance \u2013 severity vulnerability. It [\u2026]\nThe post Proof-of-Concept Exploits Released for The Microsoft-NSA Crypto vulnerability \u2013 CVE-2020-0601 (https://gbhackers.com/poc-exploit-cve-2020-0601/) appeared first on GBHackers On Security (https://gbhackers.com/).", "creation_timestamp": "2020-01-17T03:59:36.000000Z"}, {"uuid": "e8a0871f-0679-4fd9-895a-91cee72499bd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/thehackernews/577", "content": "WARNING: Install Latest Windows 10 Updates Immediately!\n\nMicrosoft today released patches for a severe Windows CryptoAPI spoofing vulnerability (CVE-2020-0601) that was discovered by the National Security Agency (NSA).\n\nRead more: https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html", "creation_timestamp": "2020-01-14T20:00:01.000000Z"}, {"uuid": "63d2bc06-b17a-4003-ad8b-83f6071da042", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/xakep_ru/8596", "content": "\u0412 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435 \u043f\u043e\u044f\u0432\u0438\u043b\u0438\u0441\u044c \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u0434\u043b\u044f \u0441\u0432\u0435\u0436\u0435\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 CryptoAPI\n\n\u0412 \u0441\u0435\u0442\u0438 \u043f\u043e\u044f\u0432\u0438\u043b\u0438\u0441\u044c PoC-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u0434\u043b\u044f \u043e\u043f\u0430\u0441\u043d\u043e\u0439 \u043a\u0440\u0438\u043f\u0442\u043e\u0433\u0440\u0430\u0444\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0432 CryptoAPI, \u043a\u043e\u0442\u043e\u0440\u0443\u044e \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0438\u043b\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u0438\u0441\u0442\u044b \u0410\u041d\u0411 \u0421\u0428\u0410.\n\nhttps://xakep.ru/2020/01/17/cve-2020-0601-pocs/", "creation_timestamp": "2020-01-17T09:35:16.000000Z"}, {"uuid": "65bae4d2-5449-4ddd-af6e-5f29618a4d1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "exploited", "source": "https://t.me/canyoupwnme/6262", "content": "PoC for CVE-2020-0601\nhttps://github.com/ollypwn/cve-2020-0601", "creation_timestamp": "2020-01-17T11:19:41.000000Z"}, {"uuid": "477e7763-f5f5-45cd-b356-dd11554d619a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/arvin_club/1500", "content": "WARNING: Install Latest Windows 10 Updates Immediately!\n\nMicrosoft today released patches for a severe Windows CryptoAPI spoofing vulnerability (CVE-2020-0601) that was discovered by the National Security Agency (NSA).\n\nRead more: https://thehackernews.com/2020/01/warning-quickly-patch-new-critical.html", "creation_timestamp": "2020-01-15T07:28:58.000000Z"}, {"uuid": "5dab0ebc-5e10-4e16-abcc-24cc0c4a11b6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/VulnerabilityNews/12022", "content": "Looking for silver linings in the CVE-2020-0601 crypto vulnerability\nRead More", "creation_timestamp": "2020-01-23T14:51:06.000000Z"}, {"uuid": "ae12c47e-95af-4800-bdf8-345b50604029", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/628", "content": "#AppSec                                                                                                                                                    An In-Depth Technical Analysis of CurveBall (CVE-2020-0601)\nhttps://blog.trendmicro.com/trendlabs-security-intelligence/an-in-depth-technical-analysis-of-curveball-cve-2020-0601\n// Post highlight the code-level root cause analysis of the vulnerability in the context of how applications are likely to use CryptoAPI to handle certificates in the context of applications communicating via TLS", "creation_timestamp": "2024-10-09T23:07:11.000000Z"}, {"uuid": "e337357a-28dd-4d5e-b5c1-68d1d1964667", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/2358", "content": "#Analytics\nTop-10 exploited vulnerabilities in July-December 2020:\n1. CVE-2020-0601 - CurveBall CryptoAPI\nhttps://t.me/cybersecuritytechnologies/628\n2. CVE-2019-17026/CVE-2020-0674 - 0-Day Vulnerability in Mozilla Firefox\nhttps://t.me/cybersecuritytechnologies/914\n3. CVE-2020-0796 - Windows SMBv3 LPE exploit\nhttps://t.me/cybersecuritytechnologies/874\n4. CVE-2020-1472 - Microsoft Zerologon\nhttps://t.me/cybersecuritytechnologies/1742\n5. CVE-2020-5902/5903 - F5 BigIP TMUI Critical RCE\nhttps://t.me/cybersecuritytechnologies/1378\n6. CVE-2018-10561 - Dasan GPON Router Auth. Bypass\nhttps://t.me/cybersecuritytechnologies/51\n7. CVE-2020-1350 - Exploit SIGRed\nhttps://t.me/cybersecuritytechnologies/1422\n8. CVE-2020-15999 + CVE-2020-17087 = Win Kernel cng.sys buffer overflow 0-Day\nhttps://t.me/cybersecuritytechnologies/1960\nhttps://t.me/cybersecuritytechnologies/2010\n9. CVE-2020-16898 - \"Bad Neighbor\" RCE Vulnerability\nhttps://t.me/cybersecuritytechnologies/1912\n10. CVE-2020-1938 - \"Ghostcat\" Apache Tomcat\nhttps://t.me/cybersecuritytechnologies/705", "creation_timestamp": "2025-01-04T20:00:34.000000Z"}, {"uuid": "4e7171d9-139c-4484-b141-9f0292daa94a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/5545", "content": "#Research\n#cryptography\nExamining CVE-2020-0601 Crypt32.dll Elliptic Curve Cryptography (ECC) Certificate Validation Vulnerability", "creation_timestamp": "2022-03-05T11:12:02.000000Z"}, {"uuid": "c203d39b-4860-4a8d-9117-18782ece0ae7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/cibsecurity/9377", "content": "\u26a0 Looking for silver linings in the CVE-2020-0601 crypto vulnerability \u26a0\n\nIs there some good news hidden in the story of the CVE-2020-0601 crypto vulnerability?\n\n\ud83d\udcd6 Read\n\nvia \"Naked Security\".", "creation_timestamp": "2020-01-23T14:55:21.000000Z"}, {"uuid": "7cdf2721-ec0a-40d5-b9d0-05ae301b1e63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-0601", "type": "seen", "source": "https://t.me/cibsecurity/9190", "content": "\ud83d\udd74 Microsoft Patches Windows Vuln Discovered by the NSA \ud83d\udd74\n\nThe National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.\n\n\ud83d\udcd6 Read\n\nvia \"Dark Reading: \".", "creation_timestamp": "2020-01-15T01:41:09.000000Z"}]}