

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.
An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.
A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.
The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.
2020-01 Cumulative Update for Windows 10 Version 1507 for x64-based Systems (KB4534306) windows10.0-kb4534306-x64_fe79ab28516198be477c18e53390f802588bca6c.msu
2020-01 Cumulative Update for Windows 10 Version 1507 for x86-based Systems (KB4534306) windows10.0-kb4534306-x86_b79d87ac2c7692f2c152122c818baed709e4f11e.msu
2020-01 Cumulative Update for Windows 10 Version 1607 for x64-based Systems (KB4534271) windows10.0-kb4534271-x64_a009e866038836e277b167c85c58bbf1e0cc5dc8.msu
2020-01 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB4534271) windows10.0-kb4534271-x86_1401cdaf3781a6b032b558afd90fff6faa5569d3.msu
2020-01 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4534293) windows10.0-kb4534293-x64_af7ad26642b7c49788d70902f1918b9b234292cf.msu
2020-01 Cumulative Update for Windows 10 Version 1803 for x86-based Systems (KB4534293) windows10.0-kb4534293-x86_eea3d9658ebced3365ba55a6cc3de62a2a67ef93.msu
2020-01 Cumulative Update for Windows 10 Version 1903 for x64-based Systems (KB4528760) windows10.0-kb4528760-x64_4ea59b94564145460ab025616ff10460bb7894d8.msu
2020-01 Cumulative Update for Windows 10 Version 1903 for x86-based Systems (KB4528760) windows10.0-kb4528760-x86_e8a6aae0076403e9d8d68c3ccc3f753728298b83.msu
2020-01 Cumulative Update for Windows Server, version 1909 for x64-based Systems (KB4528760) windows10.0-kb4528760-x64_4ea59b94564145460ab025616ff10460bb7894d8.msu
2020-01 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4534271) windows10.0-kb4534271-x64_a009e866038836e277b167c85c58bbf1e0cc5dc8.msu