关于 CVE-2020-0601 

CVE-2020-0601是crypt32.dll中的一个欺骗漏洞，crypt32.dll是Microsoft Windows中的一个核心加密模块，负责在Microsoft的CryptoAPI中实现证书和加密消息传递功能。

由于CVE-2020-0601绕过了Windows验证加密信任的功能，攻击者可能会将恶意应用程序作为合法可信的代码传递出去，从而使Windows主机处于危险之中。攻击者需要以另一种方式危害系统才能部署利用此漏洞的恶意软件。他们可能会使用常见的网络钓鱼策略诱使受信任的用户与恶意应用程序交互，或者使用中间人攻击通过环境中另一个受损的设备欺骗被拦截的更新并用恶意软件替换。

分析指出了一些信任验证会受到影响的例子：

• HTTPs连接
• 签名文件和电子邮件
• 作为用户模式进程启动的签名可执行代码

影响范围：

Microsoft Windows 10 Version 1607 for 32-bit Systems

Microsoft Windows 10 Version 1607 for x64-based Systems

Microsoft Windows 10 Version 1709 for ARM64-based Systems

Microsoft Windows 10 Version 1803 for 32-bit Systems

Microsoft Windows 10 Version 1803 for ARM64-based Systems

Microsoft Windows 10 Version 1803 for x64-based Systems

Microsoft Windows 10 Version 1809 for 32-bit Systems

Microsoft Windows 10 Version 1809 for ARM64-based Systems

Microsoft Windows 10 Version 1809 for x64-based Systems

Microsoft Windows 10 Version 1903 for 32-bit Systems

Microsoft Windows 10 Version 1903 for ARM64-based Systems

Microsoft Windows 10 Version 1903 for x64-based Systems

Microsoft Windows 10 Version 1909 for 32-bit Systems

Microsoft Windows 10 Version 1909 for ARM64-based Systems

Microsoft Windows 10 Version 1909 for x64-based Systems

Microsoft Windows 10 for 32-bit Systems

Microsoft Windows 10 for x64-based Systems

Microsoft Windows 10 version 1709 for 32-bit Systems

Microsoft Windows 10 version 1709 for x64-based Systems

Microsoft Windows Server 1803

Microsoft Windows Server 1903

Microsoft Windows Server 1909

Microsoft Windows Server 2016

Microsoft Windows Server 2019