Thursday, January 23, 2020

Windows 7 sometimes safer than Windows 10: Windows CryptoAPI Spoofing Vulnerability

From the CVE-2020-0601 FAQ:

Are versions older than Windows 10 versions affected by this vulnerability?
No, only Windows 10 versions of the OS are affected. In the initial release of Windows 10 (Build 1507, TH1), Microsoft added support for ECC parameters configuring ECC curves. Prior to this, Windows only supported named ECC curves. The code which added support for ECC parameters also resulted in the certificate validation vulnerability. It was not a regression, and versions of Windows which don’t support ECC parameters configuring ECC curves (Server 2008, Windows 7, Windows 8.1 and servers) were not affected.

(Acknowledgements: National Security Agency)
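
The distinction the FAQ draws, named curves versus curves configured by explicit ECC parameters, is visible in the DER encoding of a certificate's SubjectPublicKeyInfo. The following Python code is an added example (not from the FAQ or from Microsoft) that classifies an EC key by the ASN.1 tag of its parameters field, which a defender can use to flag certificates that carry explicit parameters. The function names and both sample blobs are constructed for illustration; the explicit sample shortens the parameter SEQUENCE to its version field and uses a placeholder key.

```python
# Added example, not from the FAQ: how does an EC public key identify its curve?
# RFC 3279 EcpkParameters is a CHOICE: OID (named curve), NULL (implicitlyCA),
# or SEQUENCE (explicit curve parameters).
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")  # OID 1.2.840.10045.2.1

# Constructed SubjectPublicKeyInfo samples with a placeholder 1-byte key.
NAMED_SPKI = bytes.fromhex(     # parameters = OID prime256v1
    "3019" "3013" "06072a8648ce3d0201" "06082a8648ce3d030107" "03020004")
EXPLICIT_SPKI = bytes.fromhex(  # parameters = SEQUENCE, cut down to version 1
    "3014" "300e" "06072a8648ce3d0201" "3003020101" "03020004")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form length, up to 4 bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def classify_ec_params(spki):
    """Return 'named', 'explicit', 'implicit', 'unknown' or 'not-ec'."""
    tag, body, _ = read_tlv(spki, 0)      # SubjectPublicKeyInfo SEQUENCE
    if tag != 0x30:
        raise ValueError("SubjectPublicKeyInfo is not a SEQUENCE")
    tag, alg, _ = read_tlv(body, 0)       # AlgorithmIdentifier SEQUENCE
    if tag != 0x30:
        raise ValueError("AlgorithmIdentifier is not a SEQUENCE")
    tag, oid, pos = read_tlv(alg, 0)      # algorithm OID
    if tag != 0x06 or oid != ID_EC_PUBLIC_KEY:
        return "not-ec"
    if pos >= len(alg):
        raise ValueError("EC key without parameters")
    ptag, _, _ = read_tlv(alg, pos)       # only the parameters' tag matters here
    return {0x06: "named", 0x30: "explicit", 0x05: "implicit"}.get(ptag, "unknown")

if __name__ == "__main__":
    for label, blob in (("named", NAMED_SPKI), ("explicit", EXPLICIT_SPKI)):
        print(label, "sample ->", classify_ec_params(blob))
```
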