Level 36
Proof-of-concept exploit code is now available for the Windows CryptoAPI spoofing vulnerability tracked as CVE-2020-0601 and reported by the National Security Agency (NSA), just two days after Microsoft released a patch.

The PoC exploits for the flaw now known as CurveBall (per security researcher Tal Be'ery) were publicly released during the last 24 hours by Swiss cybersecurity outfit Kudelski Security and ollypwn.
British hardware hacker Saleem Rashid also developed a CurveBall PoC exploit but only tweeted screenshots of his exploit code abusing CVE-2020-0601.


Level 11
Yeah... "It breaks HTTPS" and "it breaks codesigning"... This is serious. Basically only pinned RSA certs are safe, so thankfully non-Enterprise customers fetching the Windows Update catalog are probably okay... Not very reassuring though.

Fortunately the spoofed certs are really easy to identify by pattern match so your defense layers (IDS/IPS for HTTPS spoofing, AV signature engine for executable signature spoofing) are doing their jobs!


Level 21
After two days of wondering in anguish why Microsoft doesn't love its Insiders in the fast ring (well, no, not really), build 19546.1000 is installing right this very minute. Have to stay one step ahead of these things, at the minimum. 😬