Security notice (CVE-2020-0601): Windows vulnerability affecting PCoIP Agents and PCoIP Clients

Rate this Article
No votes yet

November 8, 2020

Last modified: 08/02/2023, 1:22 am

Knowledge Base Article Advisory Security HP Anyware

Summary

A vulnerability in the Microsoft Windows CryptoAPI (CVE-2020-0601) fails to properly validate certificates that use Elliptic Curve Cryptography (ECC). This may allow an attacker to spoof the validity of certificate chains used to secure a PCoIP session.

Severity: Medium
 

Affected Products:
  • PCoIP Standard Agent for Windows
  • PCoIP Graphics Agent for Windows
  • PCoIP Software Client for Windows
 
Mitigation:

HP Anyware recommends installing the appropriate patches for your agent and client operating systems immediately to ensure a secure PCoIP experience.