Microsoft released patches for vulnerabilities found in Windows® CryptoAPI
Microsoft recently announced that the procedure Windows® uses to check ECC-based X.509 certificates contains a critical vulnerability. Patches have been released for all supported versions of Windows®.
The vulnerability was revealed on 14 January. It is associated with Windows® CryptoAPI and makes it possible to create spoofed TLS and Code Signing certificates.
We strongly recommend that you immediately install patches on all Windows® systems you use. A set of security updates is available at: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601.
Microsoft recommends that users with Windows® 10, Windows® Server 2016, and Windows® Server 2019 upgrade as quickly as possible.
What should clients do with existing SSL certificates?
Note that the vulnerability DOES NOT AFFECT the certificates you already have, regardless of whether or not they use the ECC algorithm.
You DO NOT NEED to reissue your Code Signing and/or TLS certificates. You DO NOT NEED to stop using the ECC algorithm (if you use it).