This page contains information to create a Microsoft CryptoAPI Spoofing (CVE-2020-0601) Dashboard v2 leveraging data in your Qualys Vulnerability Management subscription.
Jan 22, 2020 DMFezzaReed:
Version 1 of this dashboard uncovered a bug in the "Group By" function within the widgets which has been corrected in Version 2. I have removed the original json and replaced it with a new file.
- The bug found was related to grouping by "Vulnerability by OS".
- The widgets have be updated to now group by Asset "Operating System".
Related Qualys Blog Post: Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601) – How to Detect and Remediate
Related Community Discussion: CVE vs. QID Added Jan 20, 2020
Additional Community Posts:
- QID for CryptoAPI?
- Microsoft Security Bulletins: January 2020
- Qualys Threat Protection: CVE-2020-0601 (Paid TP Subscription Req'd)
- LinkedIn: Dashboard Toolbox - VM DASHBOARD BETA: QLYS - Microsoft CryptoAPI
- CVEs: CVE-2020-0601
- QID 91595: Microsoft Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601)
- Windows Authentication Required
- VulnSig Version 2.4.791-3
- Cloud Agent Manifest version 2.4.791.3-2
- Advisory: January 2020 Security Updates: CVE-2020-0601 - Microsoft Security Response Center
Consider the possibilities for this dashboard. It could be updated to report by status (vulnerabilities.status: [NEW,ACTIVE,REOPENED,FIXED]), or patchable vs. configuration (vulnerabilities.vulnerability.patchAvailable: TRUE/FALSE). For examples of widgets using these tokens, please visit Dashboard Toolbox - Top 10 Vulnerabilities Scorecard BETA.
IMPORTANT: Importing Dashboard and/or Widget JSON files - Enable historical data collection
If you have any questions, please post them below, contact your TAM, or Contact Support - Technical Assistance Inquiry Form | Qualys, Inc..