Root Causes 62: Windows CryptoAPI Spoofing Vulnerability Explained

On January 14 Microsoft announced a sweeping vulnerability that makes it possible to defeat the authentication of Elliptic Curve Cryptography (ECC) on Windows 10 and Windows Server systems, making it possible to create fake certificates on trusted roots that will fool these systems. Join our hosts and guest Nick France, CTO of SSL at Sectigo, as we explain this vulnerability, how it could be used in exploits, and what must be done to address it.