Check Point Response to CVE-2020-0601 (CryptoAPI Spoofing Vulnerability)
Symptoms
  • On January 14, 2020, Microsoft published the following: "A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates."
  • This issue is listed as: CVE-2020-0601
  • For more information see: CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability
Solution

Which Check Point products are affected?

Any product installed on Microsoft Windows is affected by this vulnerability, as the vulnerability is in the operating system's security API. This affects certificate validation of binary files, web sites visited, and more.

Because they are installed on and based on Microsoft Windows, affected applications include (but are not limited to) Check Point Endpoint Security Client for Windows, Endpoint Security VPN (the client side), Identity Awareness Windows client, SmartConsole and ZoneAlarm.

What should I do to protect myself?

Update your Microsoft Windows operating systems. There is no need for a software update from Check Point.

In general, follow Microsoft's recommendations for updates as mentioned in their advisory: CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

Are there any Check Point protections against this?

Yes. There are dedicated Check Point SandBlast Network and IPS protections focusing on blocking relevant attack attempts.

Which Check Point products are not affected?

Check Point Security Gateway, Security Management, and all other products that are not installed on Microsoft Windows.

This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.
