Microsoft Windows CryptoAPI Spoofing (CVE-2020-0601)

A spoofing vulnerability exists in the way Windows CryptoAPI validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear as if the file was from a trusted source.

You can read the full article here.