Steve stevebanik

## snyk-broker.template.yaml
AWSTemplateFormatVersion: 2010-09-09
Parameters:
  KeyName:
    Type: 'AWS::EC2::KeyPair::KeyName'
    Description: Name of an existing EC2 KeyPair to enable SSH access to the ECS instances.
  VpcId:
    Type: 'AWS::EC2::VPC::Id'
    Description: Select a VPC that allows instances to access the Internet.
  SubnetId:
    Type: 'List<AWS::EC2::Subnet::Id>'

## 20200114-TLP-WHITE_CVE-2020-0601.md

      
              1 file
            
          
              22 forks
            
          
              25 comments
            
          
              93 stars
            
          
                SwitHak
                / 20200114-TLP-WHITE_CVE-2020-0601.md
            
            
              Last active
              February 9, 2024 14:42
            
              
                BlueTeam CheatSheet * CVE-2020-0601 * crypt32.dll | Last updated: 2020-01-21 1817 UTC
              
          
    CVE-2020-0601 AKA ChainOfFools OR CurveBall

General


Microsoft disclosed a vulnerability in their monthly Patch Tuesday referenced under CVE-2020-0601.
The vulnerability was discovered by the U.S. National Security Agency, anounced today (2020-01-14) in their press conference,  followed by a blog post and an official security advisory.
The flaw is located in the "CRYPT32.DLL" file under the C:\Windows\System32\ directory.

Vulnerability explanation


NSA description:
NSA has discovered a critical vulnerability (CVE-2020-0601) affecting Microsoft Windows® cryptographic functionality.
	AWSTemplateFormatVersion: 2010-09-09
	Parameters:
	KeyName:
	Type: 'AWS::EC2::KeyPair::KeyName'
	Description: Name of an existing EC2 KeyPair to enable SSH access to the ECS instances.
	VpcId:
	Type: 'AWS::EC2::VPC::Id'
	Description: Select a VPC that allows instances to access the Internet.
	SubnetId:
	Type: 'List<AWS::EC2::Subnet::Id>'