CERT and disclosure of CVE-2020-0601

Jurre van Bergen filed this request with the United States Computer Emergency Readiness Team of the United States of America.
Tracking #


Due Feb. 13, 2020
Est. Completion None
Awaiting Response


From: Jurre van Bergen

To Whom It May Concern:

Pursuant to the Freedom of Information Act, I hereby request the following records:

All documents related in whole or in part to the detailing the disclosure of CVE-2020-0601, a Microsoft security issue in Crypt32.dll in various versions of their Windows product. The security vulnerability was allegedly found and reported to Microsoft by the NSA.

The NSA disclosed it through the following channels, detailed here: https://twitter.com/NSAGov/status/1217152211056238593 & https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF

U.S cert disclosed it here: https://www.us-cert.gov/ncas/alerts/aa20-014a

Any of those documents could be but not limited to, notes, e-mails, media talking points, communication with Microsoft, as well as any records sharing details with other U.S government agencies about the vulnerability and communication with U.S Cert.

If you regard these documents as potentially exempt from disclosure requirements, I request that you nonetheless exercise your discretion to disclose them.Please release all reasonably segregable nonexempt portions of documents.

The requested documents will be made available to the general public, and this request is not being made for commercial purposes.

In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 20 business days, as the statute requires.


Jurre van Bergen

From: United States Computer Emergency Readiness Team

Good Evening,
Attached is our acknowledgment of your DHS FOIA request.  If you need to contact this office again concerning your request, please provide the DHS reference number. This will enable us to quickly retrieve the information you are seeking and reduce our response time. This office can be reached at 866-431-0486.
DHS Privacy Office
Disclosure & FOIA Program
STOP 0655
Department of Homeland Security
245 Murray Drive, SW
Washington, DC 20528-0655
Telephone:  1-866-431-0486 or 202-343-1743
Fax:  202-343-4011
Visit our FOIA website (http://www.dhs.gov/foia)