{"id":103213,"date":"2020-01-19T19:49:08","date_gmt":"2020-01-20T03:49:08","guid":{"rendered":"https:\/\/unit42.paloaltonetworks.com\/?p=103213"},"modified":"2020-01-20T18:27:42","modified_gmt":"2020-01-21T02:27:42","slug":"threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601","status":"publish","type":"post","link":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/","title":{"rendered":"\u8105\u5a01\u306b\u95a2\u3059\u308b\u60c5\u5831: Windows CryptoAPI \u306b\u30b9\u30d7\u30fc\u30d5\u30a3\u30f3\u30b0\u306e\u8106\u5f31\u6027 (CVE-2020-0601)"},"content":{"rendered":"<h2><a id=\"post-103213-executive-summary\"><\/a>\u6982\u8981<\/h2>\n<p>2020\u5e741\u6708\u3001\u65b0\u5e74\u6700\u521d\u306e<a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\/releasenotedetail\/2020-Jan\">\u6708\u4f8b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0<\/a>\u306bMicrosoft\u306f17\u500b\u306e\u65b0\u3057\u3044\u8106\u5f31\u6027\u306b\u5bfe\u3059\u308b\u4fee\u6b63\u3092\u30ea\u30ea\u30fc\u30b9\u3057\u307e\u3057\u305f\u3002\u305d\u306e\u4e2d\u306b\u306fCurveball\u3068\u3057\u3066\u77e5\u3089\u308c\u308b<a href=\"https:\/\/portal.msrc.microsoft.com\/en-US\/security-guidance\/advisory\/CVE-2020-0601\">CVE-2020-0601<\/a>\u3082\u542b\u307e\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u672c\u8106\u5f31\u6027\u306f\u3001Windows CryptoAPI\uff08Crypt32.dll\uff09\u306b\u5b58\u5728\u3057\u3066\u3044\u307e\u3059\u304c\u3001\u5177\u4f53\u7684\u306b\u306fElliptic Curve Cryptography\uff08\u6955\u5186\u66f2\u7dda\u6697\u53f7\u3001ECC\uff09\u8a3c\u660e\u66f8\u306e\u691c\u8a3c\u306b\u4f7f\u7528\u3055\u308c\u308b\u65b9\u6cd5\u306b\u95a2\u9023\u3057\u305f\u3082\u306e\u3067\u3059\u3002\u30ea\u30ea\u30fc\u30b9\u6642\u70b9\u3067\u540c\u793e\u306f\u672c\u8106\u5f31\u6027\u304c\u5b9f\u969b\u306b\u60aa\u7528\u3055\u308c\u3066\u3044\u308b\u69d8\u5b50\u306f\u3053\u308c\u307e\u3067\u78ba\u8a8d\u3055\u308c\u3066\u3044\u306a\u3044\u3068\u3057\u3066\u3044\u307e\u3059\u3002\u30ea\u30b5\u30fc\u30c1\u30e3\u30fc\u306eTal Be'ery\u6c0f\u306f\u3001\u300c<a href=\"https:\/\/medium.com\/zengo\/win10-crypto-vulnerability-cheating-in-elliptic-curve-billiards-2-69b45f2dcab6\">Win 10 Crypto Vulnerability: Cheating in Elliptic Curve Billiard 2 (Windows 10 \u306b\u6697\u53f7\u95a2\u9023\u306e\u8106\u5f31\u6027: \u6955\u5186\u66f2\u7dda\u30d3\u30ea\u30e4\u30fc\u30c9\u3092\u51fa\u3057\u629c\u304f\u65b9\u6cd5\u305d\u306e2)\u300d<\/a>\u3068\u3044\u3046\u30bf\u30a4\u30c8\u30eb\u306e\u30d6\u30ed\u30b0\u3067\u540c\u8106\u5f31\u6027\u306b\u3064\u3044\u3066\u8a73\u7d30\u306b\u8aac\u660e\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<h2><a id=\"post-103213-mitigation-actions\"><\/a>\u56de\u907f\u30fb\u7de9\u548c\u7b56<\/h2>\n<p>\u540c\u793e\u306e\u63d0\u4f9b\u3057\u305f<a href=\"https:\/\/portal.msrc.microsoft.com\/en-us\/security-guidance\">\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0<\/a>\u306b\u306f\u3001\u6a19\u6e96\u7684\u306a\u30aa\u30da\u30ec\u30fc\u30c6\u30a3\u30f3\u30b0\u30b7\u30b9\u30c6\u30e0\u95a2\u9023\u306e\u4fee\u6b63\u306b\u304f\u308f\u3048\u3001\u65b0\u3057\u3044\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30d7\u30ed\u30b0\u30e9\u30df\u30f3\u30b0\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30a4\u30b9\uff08API\uff09\u306e\u6a5f\u80fd\u304c\u8ffd\u52a0\u3055\u308c\u3066\u3044\u307e\u3057\u305f\u3002\u3053\u306e\u65b0\u3057\u3044 API \u3067\u3042\u308b<a href=\"https:\/\/docs.microsoft.com\/en-us\/windows\/win32\/api\/securitybaseapi\/nf-securitybaseapi-cveeventwrite\">CveEventWrite<\/a>\u95a2\u6570\u3092\u5229\u7528\u3059\u308b\u3068\u3001\u30e6\u30fc\u30b6\u30fc\u30e2\u30fc\u30c9\u306e\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u304c\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u4e0a\u306e\u8106\u5f31\u6027\u3092\u60aa\u7528\u3059\u308b\u8a66\u307f\u3092\u767a\u751f\u3055\u305b\u305f\u3055\u3044\u306b\u30a4\u30d9\u30f3\u30c8\u3092\u767a\u884c\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u30a2\u30ca\u30ea\u30b9\u30c8\u306f\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u3092\u9069\u7528\u3057\u305f\u30b7\u30b9\u30c6\u30e0\u4e0a\u3067\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30e1\u30c3\u30bb\u30fc\u30b8\u300cCVE-2020-0601\u300d\u306e\u30a2\u30e9\u30fc\u30c8\u3092\u53ce\u96c6\u3059\u308b\u3053\u3068\u3067\u672c\u8106\u5f31\u6027\u3092\u60aa\u7528\u3057\u3088\u3046\u3068\u3059\u308b\u8a66\u307f\u3092\u63a2\u7d22\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>\u306a\u304a\u3001Chrome\u30d6\u30e9\u30a6\u30b6\u3092\u5229\u7528\u3057\u3066\u3044\u308b\u30e6\u30fc\u30b6\u30fc\u3082\u3001\u30d0\u30fc\u30b8\u30e7\u30f3\u3092\u6700\u65b0\u7248 (\u672c\u7a3f\u57f7\u7b46\u6b21\u70b9\u3067\u306f<a href=\"https:\/\/chromereleases.googleblog.com\/2020\/01\/stable-channel-update-for-desktop_16.html\">79.0.3945.130<\/a>) \u306b\u66f4\u65b0\u3059\u308b\u3053\u3068\u3092\u304a\u52e7\u3081\u3057\u307e\u3059\u3002Chrome \u306f\u6700\u8fd1\u3001TLS\u306e\u554f\u984c\u3092\u4fee\u6b63\u3059\u308b\u305f\u3081\u306e\u30a2\u30c3\u30d7\u30c7\u30fc\u30c8\u3092\u30ea\u30ea\u30fc\u30b9\u3057\u3066\u3044\u307e\u3059\u3002<\/p>\n<h2><a id=\"post-103213-conclusion\"><\/a>\u7d50\u8ad6<\/h2>\n<p>\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306f\u3001Microsoft Active Protection Program \uff08MAPP\uff09\u306e\u30d1\u30fc\u30c8\u30ca\u30fc\u3067\u3059\u3002\u3053\u306e\u305f\u3081\u672c\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u8a73\u7d30\u3092\u65e9\u671f\u306b\u53d7\u3051\u53d6\u308b\u3053\u3068\u304c\u3067\u304d\u3001\u8105\u5a01\u306b\u3064\u3044\u3066\u3088\u308a\u6df1\u304f\u7406\u89e3\u3057\u3001\u305d\u3053\u304b\u3089\u5f97\u305f\u77e5\u898b\u3092\u88fd\u54c1\u306b\u3088\u308b\u4fdd\u8b77\u306e\u63d0\u4f9b\u306b\u53cd\u6620\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3057\u305f\u3002<\/p>\n<p>\u672c\u8106\u5f31\u6027\u304b\u3089\u81ea\u7d44\u7e54\u3092\u4fdd\u8b77\u3059\u308b\u3044\u3061\u3070\u3093\u306e\u65b9\u6cd5\u306f Microsoft \u88fd\u54c1\u3092\u6700\u65b0\u306e\u4fee\u6b63\u30d7\u30ed\u30b0\u30e9\u30e0\u3067\u6700\u65b0\u72b6\u614b\u306b\u4fdd\u3064\u3053\u3068\u3067\u3059\u3059\u3002<\/p>\n<p>\u73fe\u6642\u70b9\u3067WildFire\u3092\u3054\u5229\u7528\u4e2d\u306e\u304a\u5ba2\u69d8\u306f\u3001\u9759\u7684\u30b7\u30b0\u30cd\u30c1\u30e3\u306b\u3088\u308b\u691c\u51fa\u3067\u4fdd\u8b77\u3055\u308c\u3066\u3044\u307e\u3059\u3002\u307e\u305f\u4fee\u6b63\u304c\u9069\u7528\u3055\u308c\u305f\u30b7\u30b9\u30c6\u30e0\u4e0a\u3067Cortex Agent\u3092\u7a3c\u50cd\u4e2d\u306e\u304a\u5ba2\u69d8\u306f\u3001\u60aa\u7528\u306e\u8a66\u307f\u304c\u3042\u308c\u3070CveEventWrite\u30a4\u30d9\u30f3\u30c8\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u767a\u884c\u3055\u308c\u540c\u30a4\u30d9\u30f3\u30c8\u95a2\u9023\u306e\u30a2\u30e9\u30fc\u30c8\u3092\u53d7\u3051\u53d6\u308a\u307e\u3059\u3002<\/p>\n<p>Cortex Agent \u306f\u3001\u632f\u308b\u821e\u3044\u30d9\u30fc\u30b9\u306e\u8105\u5a01\u4fdd\u8b77\u6a5f\u80fd\u3092\u5229\u7528\u3057\u3001\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u4e0a\u306e\u6d3b\u52d5\u3092\u7d99\u7d9a\u76e3\u8996\u3057\u3066\u3044\u307e\u3059\u3002\u307e\u305f\u3001\u30a4\u30d9\u30f3\u30c8\u3054\u3068\u306b\u30a2\u30e9\u30fc\u30c8\u3092\u9001\u4fe1\u3059\u308b\u306e\u3067\u306f\u306a\u304f\u3001\u56e0\u679c\u9023\u9396\u3068\u3057\u3066\u77e5\u3089\u308c\u308b\u30a4\u30d9\u30f3\u30c8\u30c1\u30a7\u30fc\u30f3\u3092\u7279\u5b9a\u30fb\u5206\u6790\u3057\u3066\u3044\u307e\u3059\u3002\u3053\u308c\u306b\u3088\u308a\u3001Cortex Agent \u306f\u3001\u500b\u5225\u306b\u30a4\u30d9\u30f3\u30c8\u3092\u691c\u67fb\u3057\u305f\u3060\u3051\u3067\u306f\u6b63\u5f53\u306a\u3082\u306e\u3068\u8aa4\u3063\u3066\u5224\u5b9a\u3055\u308c\u304b\u306d\u306a\u3044\u30a4\u30d9\u30f3\u30c8\u30c1\u30a7\u30fc\u30f3\u5185\u306e\u60aa\u610f\u306e\u3042\u308b\u6d3b\u52d5\u3092\u3082\u691c\u51fa\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002\u56e0\u679c\u9023\u9396\u306b\u306f\u3001\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u4e0a\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3001\u30d7\u30ed\u30bb\u30b9\u3001\u30d5\u30a1\u30a4\u30eb\u3001\u30ec\u30b8\u30b9\u30c8\u30ea\u306b\u95a2\u3059\u308b\u6d3b\u52d5\u306e\u4efb\u610f\u306e\u30b7\u30fc\u30b1\u30f3\u30b9\u3092\u542b\u3081\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<p>\u3055\u3089\u306b\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306e\u6b21\u4e16\u4ee3\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u3092<a href=\"https:\/\/docs.paloaltonetworks.com\/best-practices\/9-0\/internet-gateway-best-practices\/best-practice-internet-gateway-security-policy\/decrypt-traffic-for-full-visibility-and-threat-inspection.html\">SSL\u5fa9\u53f7\u306e\u30d9\u30b9\u30c8\u30d7\u30e9\u30af\u30c6\u30a3\u30b9<\/a>\u306b\u3082\u3068\u3065\u3044\u3066\u4f7f\u7528\u3057\u3001\u4fe1\u983c\u3067\u304d\u306a\u3044\u767a\u884c\u8005\u304c\u7f72\u540d\u3057\u305f\u8a3c\u660e\u66f8\u306b\u3088\u308b\u30bb\u30c3\u30b7\u30e7\u30f3\u3092\u30d6\u30ed\u30c3\u30af\u3055\u308c\u3066\u3044\u308b\u304a\u5ba2\u69d8\u306f\u3001\u672c\u8106\u5f31\u6027\u516c\u958b\u521d\u65e5\u6642\u70b9\u304b\u3089\u3053\u306e\u8106\u5f31\u6027\u306b\u5bfe\u3057\u3066\u4fdd\u8b77\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u30d1\u30ed\u30a2\u30eb\u30c8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b9\u306f\u3001\u65b0\u3057\u3044\u60c5\u5831\u3084\u63a8\u5968\u4e8b\u9805\u304c\u5229\u7528\u53ef\u80fd\u306b\u306a\u308a\u6b21\u7b2c\u3001\u672c\u7a3f\u3092\u66f4\u65b0\u3057\u307e\u3059\u3002<\/p>\n<h2>\u53c2\u8003\u8cc7\u6599:<\/h2>\n<p><a href=\"https:\/\/research.kudelskisecurity.com\/2020\/01\/15\/cve-2020-0601-the-chainoffools-attack-explained-with-poc\/\">CVE-2020-0601: The ChainOfFools\/CurveBall Attack Explained POC (CVE-2020-0601\uff1aChainOfFools\/CurveBall \u653b\u6483\u306e\u8aac\u660ePoC)<\/a><\/p>\n<p><a href=\"https:\/\/medium.com\/zengo\/win10-crypto-vulnerability-cheating-in-elliptic-curve-billiards-2-69b45f2dcab6\">Win10 Crypto Vulnerability: Cheating in Elliptic Curve Billiards 2 (Windows 10 \u306b\u6697\u53f7\u95a2\u9023\u306e\u8106\u5f31\u6027: \u6955\u5186\u66f2\u7dda\u30d3\u30ea\u30e4\u30fc\u30c9\u3092\u51fa\u3057\u629c\u304f\u65b9\u6cd5\u305d\u306e2)<\/a><\/p>\n<p><a href=\"https:\/\/media.defense.gov\/2020\/Jan\/14\/2002234275\/-1\/-1\/0\/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF\">NSA Cybersecurity Advisory (NSA \u306b\u3088\u308b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30a2\u30c9\u30d0\u30a4\u30b6\u30ea)<\/a><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u6982\u8981 2020\u5e741\u6708\u3001\u65b0\u5e74\u6700\u521d\u306e\u6708\u4f8b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306bMicrosoft\u306f17\u500b\u306e\u65b0\u3057\u3044\u8106\u5f31\u6027\u306b\u5bfe\u3059\u308b\u4fee\u6b63\u3092\u30ea\u30ea\u30fc\u30b9\u3057\u307e\u3057\u305f\u3002\u305d\u306e\u4e2d\u306b\u306fCurveball\u3068\u3057\u3066\u77e5\u3089\u308c\u308bCVE-2020-0601\u3082\u542b\u307e\u308c\u3066\u3044\u307e\u3057<\/p>\n","protected":false},"author":61,"featured_media":103214,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[4469,4432,4470],"tags":[6443,6444,4813],"product_categories":[4444,4343,4448,4456],"coauthors":[831,614],"class_list":["post-103213","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerabilities","category-top-cyberthreats-ja","category-vulnerabilities-ja","tag-curveball-ja","tag-cve-2020-0601","tag-microsoft-vulnerability-ja","product_categories-advanced-wildfire-ja","product_categories-cortex-xdr","product_categories-cortex-xdr-ja","product_categories-next-generation-firewall-ja"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.0 (Yoast SEO v27.0) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>\u8105\u5a01\u306b\u95a2\u3059\u308b\u60c5\u5831: Windows CryptoAPI \u306b\u30b9\u30d7\u30fc\u30d5\u30a3\u30f3\u30b0\u306e\u8106\u5f31\u6027 (CVE-2020-0601)<\/title>\n<meta name=\"description\" content=\"Microsoft\u306f2020\u5e74\u6700\u521d\u306e\u6708\u4f8b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306717\u500b\u306e\u65b0\u3057\u3044\u8106\u5f31\u6027\u306b\u5bfe\u3059\u308b\u4fee\u6b63\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002\u305d\u306e\u306a\u304b\u3067Curveball\u3068\u3057\u3066\u77e5\u3089\u308c\u308bCVE-2020-0601\u306e\u8106\u5f31\u6027\u306f\u6955\u5186\u66f2\u7dda\u6697\u53f7\u306b\u3088\u308b\u8a3c\u660e\u66f8\u691c\u8a3c\u65b9\u6cd5\u306b\u95a2\u9023\u3057\u305f\u8106\u5f31\u6027\u3067\u3059\u3002\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/\" \/>\n<meta property=\"og:locale\" content=\"ja_JP\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"\u8105\u5a01\u306b\u95a2\u3059\u308b\u60c5\u5831: Windows CryptoAPI \u306b\u30b9\u30d7\u30fc\u30d5\u30a3\u30f3\u30b0\u306e\u8106\u5f31\u6027 (CVE-2020-0601)\" \/>\n<meta property=\"og:description\" content=\"Microsoft\u306f2020\u5e74\u6700\u521d\u306e\u6708\u4f8b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306717\u500b\u306e\u65b0\u3057\u3044\u8106\u5f31\u6027\u306b\u5bfe\u3059\u308b\u4fee\u6b63\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002\u305d\u306e\u306a\u304b\u3067Curveball\u3068\u3057\u3066\u77e5\u3089\u308c\u308bCVE-2020-0601\u306e\u8106\u5f31\u6027\u306f\u6955\u5186\u66f2\u7dda\u6697\u53f7\u306b\u3088\u308b\u8a3c\u660e\u66f8\u691c\u8a3c\u65b9\u6cd5\u306b\u95a2\u9023\u3057\u305f\u8106\u5f31\u6027\u3067\u3059\u3002\" \/>\n<meta property=\"og:url\" content=\"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/\" \/>\n<meta property=\"og:site_name\" content=\"Unit 42\" \/>\n<meta property=\"article:published_time\" content=\"2020-01-20T03:49:08+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-01-21T02:27:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2020\/01\/word-image-99.png\" \/>\n\t<meta property=\"og:image:width\" content=\"900\" \/>\n\t<meta property=\"og:image:height\" content=\"450\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Mike Harbison, Brandon Young\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"\u8105\u5a01\u306b\u95a2\u3059\u308b\u60c5\u5831: Windows CryptoAPI \u306b\u30b9\u30d7\u30fc\u30d5\u30a3\u30f3\u30b0\u306e\u8106\u5f31\u6027 (CVE-2020-0601)","description":"Microsoft\u306f2020\u5e74\u6700\u521d\u306e\u6708\u4f8b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306717\u500b\u306e\u65b0\u3057\u3044\u8106\u5f31\u6027\u306b\u5bfe\u3059\u308b\u4fee\u6b63\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002\u305d\u306e\u306a\u304b\u3067Curveball\u3068\u3057\u3066\u77e5\u3089\u308c\u308bCVE-2020-0601\u306e\u8106\u5f31\u6027\u306f\u6955\u5186\u66f2\u7dda\u6697\u53f7\u306b\u3088\u308b\u8a3c\u660e\u66f8\u691c\u8a3c\u65b9\u6cd5\u306b\u95a2\u9023\u3057\u305f\u8106\u5f31\u6027\u3067\u3059\u3002","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/","og_locale":"ja_JP","og_type":"article","og_title":"\u8105\u5a01\u306b\u95a2\u3059\u308b\u60c5\u5831: Windows CryptoAPI \u306b\u30b9\u30d7\u30fc\u30d5\u30a3\u30f3\u30b0\u306e\u8106\u5f31\u6027 (CVE-2020-0601)","og_description":"Microsoft\u306f2020\u5e74\u6700\u521d\u306e\u6708\u4f8b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306717\u500b\u306e\u65b0\u3057\u3044\u8106\u5f31\u6027\u306b\u5bfe\u3059\u308b\u4fee\u6b63\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002\u305d\u306e\u306a\u304b\u3067Curveball\u3068\u3057\u3066\u77e5\u3089\u308c\u308bCVE-2020-0601\u306e\u8106\u5f31\u6027\u306f\u6955\u5186\u66f2\u7dda\u6697\u53f7\u306b\u3088\u308b\u8a3c\u660e\u66f8\u691c\u8a3c\u65b9\u6cd5\u306b\u95a2\u9023\u3057\u305f\u8106\u5f31\u6027\u3067\u3059\u3002","og_url":"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/","og_site_name":"Unit 42","article_published_time":"2020-01-20T03:49:08+00:00","article_modified_time":"2020-01-21T02:27:42+00:00","og_image":[{"width":900,"height":450,"url":"https:\/\/unit42.paloaltonetworks.com\/wp-content\/uploads\/2020\/01\/word-image-99.png","type":"image\/png"}],"author":"Mike Harbison, Brandon Young","twitter_card":"summary_large_image","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/#article","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/"},"author":{"name":"Mike Harbison","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/b4be528290190ed8c6aa6d8817df3d78"},"headline":"\u8105\u5a01\u306b\u95a2\u3059\u308b\u60c5\u5831: Windows CryptoAPI \u306b\u30b9\u30d7\u30fc\u30d5\u30a3\u30f3\u30b0\u306e\u8106\u5f31\u6027 (CVE-2020-0601)","datePublished":"2020-01-20T03:49:08+00:00","dateModified":"2020-01-21T02:27:42+00:00","mainEntityOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/"},"wordCount":79,"commentCount":0,"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2020\/01\/word-image-99.png","keywords":["Curveball","CVE-2020-0601","Microsoft Vulnerability"],"articleSection":["Vulnerabilities","\u4e3b\u306a\u30b5\u30a4\u30d0\u30fc\u8105\u5a01","\u8106\u5f31\u6027"],"inLanguage":"ja","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/","url":"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/","name":"\u8105\u5a01\u306b\u95a2\u3059\u308b\u60c5\u5831: Windows CryptoAPI \u306b\u30b9\u30d7\u30fc\u30d5\u30a3\u30f3\u30b0\u306e\u8106\u5f31\u6027 (CVE-2020-0601)","isPartOf":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/#primaryimage"},"image":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/#primaryimage"},"thumbnailUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2020\/01\/word-image-99.png","datePublished":"2020-01-20T03:49:08+00:00","dateModified":"2020-01-21T02:27:42+00:00","author":{"@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/b4be528290190ed8c6aa6d8817df3d78"},"description":"Microsoft\u306f2020\u5e74\u6700\u521d\u306e\u6708\u4f8b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u66f4\u65b0\u30d7\u30ed\u30b0\u30e9\u30e0\u306717\u500b\u306e\u65b0\u3057\u3044\u8106\u5f31\u6027\u306b\u5bfe\u3059\u308b\u4fee\u6b63\u3092\u516c\u958b\u3057\u307e\u3057\u305f\u3002\u305d\u306e\u306a\u304b\u3067Curveball\u3068\u3057\u3066\u77e5\u3089\u308c\u308bCVE-2020-0601\u306e\u8106\u5f31\u6027\u306f\u6955\u5186\u66f2\u7dda\u6697\u53f7\u306b\u3088\u308b\u8a3c\u660e\u66f8\u691c\u8a3c\u65b9\u6cd5\u306b\u95a2\u9023\u3057\u305f\u8106\u5f31\u6027\u3067\u3059\u3002","breadcrumb":{"@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/#breadcrumb"},"inLanguage":"ja","potentialAction":[{"@type":"ReadAction","target":["https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/"]}]},{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/#primaryimage","url":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2020\/01\/word-image-99.png","contentUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2020\/01\/word-image-99.png","width":900,"height":450},{"@type":"BreadcrumbList","@id":"https:\/\/unit42.paloaltonetworks.com\/ja\/threat-brief-windows-cryptoapi-spoofing-vulnerability-cve-2020-0601\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/unit42.paloaltonetworks.com\/ja\/"},{"@type":"ListItem","position":2,"name":"\u8105\u5a01\u306b\u95a2\u3059\u308b\u60c5\u5831: Windows CryptoAPI \u306b\u30b9\u30d7\u30fc\u30d5\u30a3\u30f3\u30b0\u306e\u8106\u5f31\u6027 (CVE-2020-0601)"}]},{"@type":"WebSite","@id":"https:\/\/unit42.paloaltonetworks.com\/#website","url":"https:\/\/unit42.paloaltonetworks.com\/","name":"Unit 42","description":"Palo Alto Networks","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/unit42.paloaltonetworks.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"ja"},{"@type":"Person","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/b4be528290190ed8c6aa6d8817df3d78","name":"Mike Harbison","image":{"@type":"ImageObject","inLanguage":"ja","@id":"https:\/\/unit42.paloaltonetworks.com\/#\/schema\/person\/image\/9213e49ea48b7676660bac40d05c9e3e","url":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","contentUrl":"https:\/\/origin-unit42.paloaltonetworks.com\/wp-content\/uploads\/2018\/11\/unit-news-meta.svg","caption":"Mike Harbison"},"url":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/author\/mike-harbison\/"}]}},"_links":{"self":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/103213","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/users\/61"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/comments?post=103213"}],"version-history":[{"count":4,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/103213\/revisions"}],"predecessor-version":[{"id":103219,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/posts\/103213\/revisions\/103219"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media\/103214"}],"wp:attachment":[{"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/media?parent=103213"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/categories?post=103213"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/tags?post=103213"},{"taxonomy":"product_categories","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/product_categories?post=103213"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-unit42.paloaltonetworks.com\/ja\/wp-json\/wp\/v2\/coauthors?post=103213"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}