Hey everyone! I'm still pretty new to security stuff and I've been tasked with managing it at my medium-sized company with around 200 people. Today, I spotted two alerts in the M365 Defender portal indicating attempts to exploit CVE-2020-0601 — one was from March and the other just popped up on my own PC. Both alerts refer to a Microsoft root certificate with its SHA1 hash. After doing a bit of research, I learned that this issue is linked to certificate spoofing, but it seems to have been patched back in 2020 through Windows Update. I'm a bit confused about how serious these alerts are and what steps I should take next. Should I be worried about them happening more than once, especially on my own machine? Any insights or advice would be greatly appreciated!
1 Answer
First off, don’t beat yourself up for asking questions; we all start somewhere! To really assess the situation, you need to confirm that the patch for this CVE has been successfully applied to your systems. Just seeing that the alerts popped up doesn’t automatically mean you’re vulnerable. Check the configuration of the affected endpoints and ensure they are fully updated. It might be a good idea to dig into how the exploit works, just to be informed. Feel free to reach out if you need help with that stuff!
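One way to do the check the answer recommends, as an added PowerShell example (not code from the original thread): it reads the OS build revision, records the crypt32.dll version, and looks for the Audit-CVE events that the January 2020 update introduced to flag spoofed-certificate attempts. The minimum build revisions and the event provider name are assumptions to verify against the MSRC entry for CVE-2020-0601.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# on the endpoint that raised the alert. Assumptions are marked inline.

$report = [ordered]@{}

# 1. OS build and update build revision (UBR). Cumulative updates supersede
#    each other, so Get-HotFix will not list the January 2020 KB on a machine
#    that has newer updates; the build revision is the reliable signal.
$cv    = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$build = [int]$cv.CurrentBuildNumber
$ubr   = [int]$cv.UBR
$report.Build = "$build.$ubr"

# Minimum revisions shipped with the fix (ASSUMED values for Windows 10
# 1903/1909 and 1809; confirm against MSRC before relying on them).
$fixed = @{ 18363 = 592; 18362 = 592; 17763 = 973 }
if ($fixed.ContainsKey($build)) {
    $report.PatchState = if ($ubr -ge $fixed[$build]) { 'patched' } else { 'NOT patched' }
} else {
    $report.PatchState = 'unknown build - check MSRC manually'
}

# 2. crypt32.dll is the component that was fixed; record its file version
#    so it can be compared with the version listed in the update's file table.
$report.Crypt32 = (Get-Item "$env:SystemRoot\System32\crypt32.dll").VersionInfo.FileVersion

# 3. The fix also added an event source that writes to the Application log
#    when a certificate fails the new ECC parameter check. Its presence shows
#    the patched code is active; each entry is one blocked spoofing attempt,
#    which is what the Defender alert is surfacing.
$provider = 'Microsoft-Windows-Audit-CVE'   # ASSUMED provider name
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; ProviderName = $provider } `
                       -ErrorAction SilentlyContinue
$report.AuditCveEvents = @($events).Count
foreach ($e in (@($events) | Select-Object -First 5)) {
    $report["Event_$($e.TimeCreated.ToString('s'))"] = $e.Message
}

[pscustomobject]$report
```

If PatchState is 'patched' and the Audit-CVE entries exist, the alerts record attempts that the fixed crypt32.dll already rejected; the process that presented the bad certificate, not the endpoint's patch level, is then the thing to investigate.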
So if the endpoints are all updated with the patches from 2020, does that mean I'm in the clear?