Based on my research, here is a comprehensive list of Windows Crypto API vulnerabilities from the last 10 years:
Affected: crypt32.dll
A spoofing vulnerability in the way Windows CryptoAPI validates Elliptic Curve Cryptography (ECC) certificates. Attackers could sign malicious code with spoofed certificates, making it appear to come from a trusted source. It also enables man-in-the-middle attacks and decryption of confidential data. Discovered by the NSA.
Affected: crypt32.dll
A spoofing vulnerability in Windows CryptoAPI that allows an attacker to trick Windows applications into accepting a fraudulent certificate by exploiting the broken MD5 hashing algorithm used for certificate cache indexing. Reported by the NSA and UK NCSC.
Affected: ncrypt.dll
A Windows Cryptographic Services RCE vulnerability triggered by importing a malicious certificate into the Trusted Root Certification Authorities store. The root cause involves fixed-size arrays storing SID information without bounds checking, causing a buffer overflow.
Affected: CryptSvc (Windows Cryptographic Services)
A Windows CryptoAPI Denial of Service vulnerability affecting Windows 10, Windows 11, and Windows Server editions.
Affected: Windows Cryptographic Services
A critical remote code execution vulnerability affecting Windows 10, Windows 11, and various Windows Server editions. Exploitation could allow an attacker to execute arbitrary code on the affected system.
Affected: Windows Cryptographic Services
An information disclosure vulnerability that could leak sensitive information such as crypto keys or hashed passwords through insecure file permissions or leaked process memory.
Affected: Windows Cryptographic Services
A security feature bypass vulnerability where the product uses a broken or risky cryptographic algorithm or protocol.
Affected: KeyIso.exe (CNG Key Isolation Service)
An elevation of privilege vulnerability in Windows CNG Key Isolation Service enabling a local attacker to gain SYSTEM privileges by exploiting weaknesses in how Windows manages cryptographic keys.
Affected: cng.sys / CNG Key Isolation Service
CISA describes this as a CNG Key Isolation Service vulnerability that allows an attacker to gain specific limited SYSTEM privileges through improper memory locking. Added to CISA's Known Exploited Vulnerabilities catalog.
Affected: cng.sys
A buffer overflow vulnerability in cng.sys that allows attackers to gain control over the CNG Key Isolation service's execution flow and potentially achieve SYSTEM privileges.
Affected: cng.sys
An integer overflow and buffer vulnerability in the Windows kernel encryption module (cng.sys). In the function cng!CfgAdtpFormatPropertyBlock, an overflow occurs when the size parameter is multiplied by 6. This vulnerability was used as part of an exploit chain for Chrome on Windows, allowing attackers to break out of Chrome's sandbox and execute code with SYSTEM privileges.
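The size-times-6 computation described above, as an added example that is not code from cng.sys or from the original page: it contrasts an unchecked multiplication with a checked one. The 16-bit width of the size value and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The page's multiplier: each input byte expands to 6 output bytes. */
#define EXPANSION 6u

/* Assumption (not stated on the page): the size is held in 16 bits. */

/* Unchecked pattern: the product is truncated to 16 bits, so large
 * lengths wrap around to a small allocation size. */
static uint16_t alloc_size_unchecked(uint16_t in_len)
{
    return (uint16_t)(in_len * EXPANSION);
}

/* Bytes the formatting step actually needs for in_len input bytes. */
static size_t bytes_needed(uint16_t in_len)
{
    return (size_t)in_len * EXPANSION;
}

/* How many bytes past the allocation an unchecked caller would write. */
static size_t shortfall(uint16_t in_len)
{
    return bytes_needed(in_len) - alloc_size_unchecked(in_len);
}

/* Hardened pattern: do the multiplication in a wider type and reject
 * any result that does not fit the 16-bit size. Returns 0 on success. */
static int alloc_size_checked(uint16_t in_len, uint16_t *out)
{
    size_t need = bytes_needed(in_len);
    if (need > UINT16_MAX)
        return -1;
    *out = (uint16_t)need;
    return 0;
}

int main(void)
{
    /* Constructed sample lengths around the wrap point 65535 / 6. */
    const uint16_t samples[] = { 100, 10922, 10923, 65535 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint16_t ok = 0;
        int rc = alloc_size_checked(samples[i], &ok);
        printf("len=%5u unchecked=%5u short_by=%6zu checked=%s\n",
               (unsigned)samples[i], (unsigned)alloc_size_unchecked(samples[i]),
               shortfall(samples[i]), rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

In Windows kernel code the same check is available through the `ntintsafe.h` helpers such as `RtlUShortMult`, which return an error status instead of a wrapped result.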
Affected: cng.sys / CNG Key Isolation Service
An elevation of privilege vulnerability when the Windows CNG Key Isolation service improperly handles memory, allowing attackers to run processes in elevated context.
Affected: cng.sys
A security feature bypass in the CNG kernel-mode driver on Windows 10 and Windows Server 2016/1709 due to improper validation and enforcement of impersonation levels.
Affected: schannel.dll
A critical bug in Windows Schannel (Microsoft's SSL/TLS implementation) that is remotely exploitable, allowing malicious code execution via specially crafted packets. Rated 9.3 on the CVSS scale. Present since Windows 95.
Affected: schannel.dll
An information disclosure vulnerability where Secure Channel (Schannel) allows the use of a weak Diffie-Hellman ephemeral (DHE) key length of 512 bits, making DHE key exchanges vulnerable to various attacks.
Affected: CryptSvc (Windows Cryptographic Services)
A high-severity information-disclosure vulnerability stemming from the use of a cryptographic primitive with a risky implementation that allows local disclosure of sensitive information. CVSS 7.8 (High).
| CVE | Year | Component | Vulnerability Type |
|---|---|---|---|
| CVE-2014-6321 | 2014 | schannel.dll | Remote Code Execution |
| CVE-2015-1716 | 2015 | schannel.dll | Information Disclosure (Logjam) |
| CVE-2018-0902 | 2018 | cng.sys | Security Feature Bypass |
| CVE-2020-0601 | 2020 | crypt32.dll | Certificate Spoofing |
| CVE-2020-1384 | 2020 | cng.sys | Elevation of Privilege |
| CVE-2020-17087 | 2020 | cng.sys | Elevation of Privilege (0-day) |
| CVE-2022-34689 | 2022 | crypt32.dll | Certificate Spoofing |
| CVE-2022-41125 | 2022 | cng.sys | Elevation of Privilege |
| CVE-2023-23416 | 2023 | ncrypt.dll | Remote Code Execution |
| CVE-2023-24938 | 2023 | CryptSvc | Denial of Service |
| CVE-2023-28229 | 2023 | cng.sys | Elevation of Privilege |
| CVE-2024-20682 | 2024 | CryptSvc | Remote Code Execution |
| CVE-2024-30016 | 2024 | CryptSvc | Information Disclosure |
| CVE-2024-30031 | 2024 | KeyIso.exe | Elevation of Privilege |
| CVE-2024-30098 | 2024 | CryptSvc | Security Feature Bypass |
| CVE-2025-58720 | 2025 | CryptSvc | Information Disclosure |