A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'.
Use CWE-295, Microsoft vendor hub and Windows 10 1507 product page to widen CVE-2020-0601 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2025-59295, CVE-2025-64680 and CVE-2025-64679 for nearby disclosures in the same product family. Additional editorial context is available in Weekly Security Roundup: Navigating the April 2026 Threat Landscape and Critical Framework Exploits.