Proof-of-concept exploit code is now available for the Windows CryptoAPI spoofing vulnerability tracked as CVE-2020-0601 and reported by the National Security Agency. Users and organizations should patch their systems by applying the security updates Microsoft released during this month’s Patch Tuesday. The vulnerability impacts Windows 10, Windows Server 2016 and 2019 versions of CRYPT32.DLL. On compromised systems, attackers can launch man-in-the-middle attacks, as well as decrypt confidential info from network connections.
Source: https://www.bleepingcomputer.com/news/security/pocs-for-windows-cryptoapi-bug-are-out-show-real-life-exploit-risks/