Dashboard Toolbox - VM DASHBOARD BETA: Microsoft CryptoAPI Spoofing (CVE-2020-0601) v2

Document created by DMFezzaReed Employee on Jan 15, 2020Last modified by DMFezzaReed Employee on Jan 22, 2020
Version 7Show Document
  • View in full screen mode

This page contains information to create a Microsoft CryptoAPI Spoofing (CVE-2020-0601) Dashboard v2 leveraging data in your Qualys Vulnerability Management subscription. 

Jan 22, 2020 DMFezzaReed

 

Version 1 of this dashboard uncovered a bug in the "Group By" function within the widgets which has been corrected in Version 2.  I have removed the original json and replaced it with a new file. 

 

  • The bug found was related to grouping by "Vulnerability by OS". 
  • The widgets have be updated to now group by Asset "Operating System".  

 

 

Related Qualys Blog Post: Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) – How to Detect and Remediate   

Related Community Discussion: CVE vs. QID  Added Jan 20, 2020

 

Additional Community Posts: 

 

Vulnerability Details

 

Consider the possibilities for this dashboard.  It could be updated to report by status (vulnerabilities.status: [NEW,ACTIVE,REOPENED,FIXED]), or patchable vs. configuration (vulnerabilities.vulnerability.patchAvailable: TRUE/FALSE).  For examples of widgets using these tokens, please visit Dashboard Toolbox - Top 10 Vulnerabilities Scorecard BETA.

 

IMPORTANT: Importing Dashboard and/or Widget JSON files - Enable historical data collection

 

When you export dashboard(s) and/or widget(s) that have "Enable historical data collection" turned on, and then import them later, you will have to manually "Enable historical data collection" following your import.  This is by design.  The action of turning on this feature starts the clock for data retention.

 

 

If you have any questions, please post them below, contact your TAM, or Contact Support - Technical Assistance Inquiry Form | Qualys, Inc..

 

 

 

Back to Dashboards and Reporting Resources - Start Here 

Back to Dashboard Toolbox - New Vulnerability Management (VM) Dashboard BETA 

Outcomes