Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-0601 PoC — Microsoft Windows CryptoAPI 信任管理问题漏洞

Source
https://github.com/Doug-Moody/Windows10_Cumulative_Updates_PowerShell
Associated Vulnerability
Title:Microsoft Windows CryptoAPI 信任管理问题漏洞 (CVE-2020-0601)
Description:A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Description
Powershell to patch CVE-2020-0601 . Complete security rollup for Windows 10 1507-1909
Readme
Just use this - https://github.com/aaronparker/LatestUpdate  


Updates everything if ENTERPRISE or EDU Win 10.  If PRO only 1809 , 1903 & 1909 are patched. 



# Windows10_Cumulative_Updates_PowerShell
This powershell script can be ran on a system and will identify if a system is patched for CVE-2020-0601 "Curveball" and if not will then download the appropriate patch and execute.  Only works for Windows 10 1507-1909 (If ENterprise or EDU, if PRO only 1809-1909), didn't include for arm based CPUs or embedded versions.  Will update for Server 2016 later. 

This is a cumualtive update so downloads all security related updates in one rollup.




Alternatives:

There has been a write-up for two other options using Powershell -

https://www.virtualizationhowto.com/2020/01/automate-curveball-crypt32-dll-patching/


GIST to pull CLU's based on version of windows running. Read comments section. May need updating
https://gist.github.com/keithga/1ad0abd1f7ba6e2f8aff63d94ab03048
File Snapshot

 [4.0K]  /data/pocs/c565067771c38cacb860dd518a2ebaedb37e2178
├── [1.0K]  LICENSE
├── [ 985]  README.md
└── [ 34K]  Windows 10 Security Rollup  Patches CVE-2020-0601

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →