[Vulnerability Notice] CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

Published: 2020-01-16





1. Background


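On January 14, Microsoft fixed a Windows CryptoAPI spoofing vulnerability in its regular Patch Tuesday update. The vulnerability (CVE-2020-0601) is a flaw in how Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit it to forge digital certificates or to launch man-in-the-middle attacks. The vulnerability was discovered and reported by the NSA. Anne Neuberger, the NSA's Director of Cybersecurity, said this is the first time the agency has decided to publicly disclose a security vulnerability to a software vendor.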


2. Affected Scope


Windows 10

Windows Server 2016

Windows Server 2019


3. Vulnerability Details


The vulnerability is tracked as CVE-2020-0601 and affects Windows CryptoAPI, the core component of the Windows operating system that handles cryptographic operations. According to Microsoft's security advisory, a spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability to sign a malicious executable so that the file appears to come from a trusted, legitimate source. Besides forging file signatures, the vulnerability can also be used to forge the digital certificates used for encrypted communications. Microsoft stated that a successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.


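According to the NSA, successful exploitation of this vulnerability would allow an attacker to deliver malicious code that appears to come from a trusted entity. Its analysis lists some examples where trust validation may be affected: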


           HTTPS connections

           Signed files and emails

           Signed executable code launched as user-mode processes


Note that the affected Windows versions are those that support ECC key certificates with specified parameters. This mechanism was first introduced in Windows 10, so the vulnerability affects Windows 10 and Windows Server 2016/2019. Windows 7 and Windows Server 2008, which reached the end of security support on January 14 of this year, do not support ECC keys with parameters and are therefore not affected. Users are nevertheless advised to upgrade Windows 7 / Windows Server 2008 systems to the latest Windows 10 or to Windows Server 2016 or later, and to install the relevant security patches.
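The distinction above between named curves and ECC keys with specified parameters is visible in a certificate's SubjectPublicKeyInfo. The following Python code is an added example, not part of the original notice and not Microsoft's or the NSA's tooling: it classifies an already extracted DER SubjectPublicKeyInfo as using a named curve (an OID) or explicit curve parameters, which RFC 5480 does not permit in PKIX certificates. The function names and the sample byte strings are constructed for illustration.

```python
# Added example: classify how an EC public key names its curve (RFC 5480 ECParameters).
EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")  # OID 1.2.840.10045.2.1 (id-ecPublicKey)
LABELS = {0x06: "named", 0x30: "explicit", 0x05: "implicit"}  # OID / SEQUENCE / NULL

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) of the DER element starting at off."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length

def children(buf, start, end):
    """List the (tag, value_start, value_end) triples inside a constructed value."""
    out = []
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        if ve > end:
            raise ValueError("child element overruns its parent")
        out.append((tag, vs, ve))
        start = ve
    return out

def curve_encoding(spki):
    """Classify a DER SubjectPublicKeyInfo: named, explicit, implicit, missing or not-ec."""
    tag, vs, ve = read_tlv(spki, 0)
    fields = children(spki, vs, ve) if tag == 0x30 else []
    if not fields or fields[0][0] != 0x30:
        raise ValueError("not a SubjectPublicKeyInfo")
    alg = children(spki, fields[0][1], fields[0][2])  # AlgorithmIdentifier contents
    if not alg or alg[0][0] != 0x06 or spki[alg[0][1]:alg[0][2]] != EC_PUBLIC_KEY:
        return "not-ec"
    return LABELS.get(alg[1][0], "unknown") if len(alg) > 1 else "missing"

def der(tag, body):
    """Short-form DER encoder (bodies under 128 bytes), used only for the samples below."""
    return bytes([tag, len(body)]) + body

# Constructed samples: dummy key bits, and a placeholder instead of real curve parameters.
KEY = der(0x03, b"\x00\x04" + bytes(64))
NAMED = der(0x30, der(0x30, der(0x06, EC_PUBLIC_KEY) + der(0x06, bytes.fromhex("2a8648ce3d030107"))) + KEY)
EXPLICIT = der(0x30, der(0x30, der(0x06, EC_PUBLIC_KEY) + der(0x30, der(0x02, b"\x01"))) + KEY)
RSA = der(0x30, der(0x30, der(0x06, bytes.fromhex("2a864886f70d010101")) + der(0x05, b"")) + KEY)
```

A key that classifies as `explicit` carries its own curve definition instead of referencing a standard curve by OID, which is the certificate form this notice describes as affected.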


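Microsoft and the NSA stated that no active exploitation of this vulnerability had been observed before the patch was released. Later on the 14th, the NSA published its own security advisory, which contains mitigation information and guidance on how to detect exploitation of the vulnerability, and urges IT staff to install Tuesday's security updates as soon as possible. The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (DHS CISA) also issued an emergency directive, reminding the US private sector and government entities that they need to install the latest Windows patches.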


4. Remediation Recommendations


Install the Windows security patches.


5. References


https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601

https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF

https://cyber.dhs.gov/ed/20-02/