PoCs for Windows CryptoAPI Bug Are Out, Show Real-Life Exploit Risks

LASER_oneXM

Proof-of-concept exploit code is now available for the Windows CryptoAPI spoofing vulnerability tracked as CVE-2020-0601 and reported by the National Security Agency (NSA), just two days after Microsoft released a patch.

The PoC exploits for the flaw now known as CurveBall (per security researcher Tal Be'ery) were publicly released during the last 24 hours by Swiss cybersecurity outfit Kudelski Security and ollypwn.
British hardware hacker Saleem Rashid also developed a CurveBall PoC exploit but only tweeted screenshots of his exploit code abusing CVE-2020-0601.
 
Yeah.... "It breaks HTTPS" and "it breaks codesigning".... This is serious. Basically only pinned RSA certs are safe, so thankfully non-Enterprise customers fetching the Windows Update catalog are probably okay.... Not very reassuring though.


Fortunately the spoofed certs are really easy to identify by pattern match so your defense layers (IDS/IPS for HTTPS spoofing, AV signature engine for executable signature spoofing) are doing their jobs!
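Added example, not part of the thread or any poster's code: certificates spoofed via CVE-2020-0601 carry explicitly specified elliptic-curve parameters instead of a named-curve OID, so one pattern a defensive layer can match is the type of the `parameters` field next to `id-ecPublicKey`. The function names and the sample bytes below are constructed for illustration; input is assumed to be a DER-encoded certificate.

```python
EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # OID 1.2.840.10045.2.1 (id-ecPublicKey)
KINDS = {0x06: "named_curve", 0x30: "explicit_parameters", 0x05: "implicit_ca"}

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the body of a constructed element into (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        items.append((tag, val))
    return items

def ec_param_kinds(der):
    """Classify the parameters field of every id-ecPublicKey AlgorithmIdentifier."""
    found = []
    def walk(value):
        kids = children(value)
        if len(kids) >= 2 and kids[0] == (0x06, EC_PUBLIC_KEY):
            found.append(KINDS.get(kids[1][0], "unknown"))
            return
        for tag, val in kids:
            if tag & 0x20:                         # constructed: SEQUENCE, SET, [n]
                walk(val)
    walk(read_tlv(der, 0)[1])
    return found

# --- constructed sample input (a certificate-shaped skeleton, not a real cert) ---
def tlv(tag, value):                               # short-form lengths only
    return bytes([tag, len(value)]) + value

def sample(params):
    alg = tlv(0x30, tlv(0x06, EC_PUBLIC_KEY) + params)
    spki = tlv(0x30, alg + tlv(0x03, b"\x00\x04" + b"\x11" * 64))
    return tlv(0x30, tlv(0x30, tlv(0x02, b"\x01") + spki))

NAMED = tlv(0x06, bytes.fromhex("2a8648ce3d030107"))      # prime256v1 OID
EXPLICIT = tlv(0x30, tlv(0x02, b"\x01"))                  # stand-in ECParameters body
```

A result of `explicit_parameters` is a reason to inspect or block the certificate, not proof of spoofing on its own, since the field is legal in X.509 even though public CAs do not use it.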
 
After two days of wondering in anguish why Microsoft doesn't love its Insiders in the fast ring (well, no, not really), build 19546.1000 is installing right this very minute. Have to stay one step ahead of these things, at the minimum. 😬
 