PoCs for Windows CryptoAPI Bug Are Out, Show Real-Life Exploit Risks

LASER_oneXM

Thread author
Proof-of-concept exploit code is now available for the Windows CryptoAPI spoofing vulnerability tracked as CVE-2020-0601 and reported by the National Security Agency (NSA), just two days after Microsoft released a patch.

The PoC exploits for the flaw now known as CurveBall (per security researcher Tal Be'ery) were publicly released during the last 24 hours by Swiss cybersecurity outfit Kudelski Security and ollypwn.
British hardware hacker Saleem Rashid also developed a CurveBall PoC exploit but only tweeted screenshots of his exploit code abusing CVE-2020-0601.
MacDefender

Yeah... "It breaks HTTPS" and "it breaks code signing"... This is serious. Basically only pinned RSA certs are safe, so thankfully non-Enterprise customers fetching the Windows Update catalog are probably okay... Not very reassuring though.

Fortunately the spoofed certs are really easy to identify by pattern match, so your defense layers (IDS/IPS for HTTPS spoofing, AV signature engine for executable signature spoofing) are doing their jobs!
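The "easy to identify by pattern match" point above, as an added example that is not from this thread: a CVE-2020-0601 spoof needs an ECC key whose curve is carried as explicit parameters rather than a named-curve OID, so a defender can triage certificates by that single property. The tiny DER walker, the encoder and the skeleton certificates below are constructed for illustration, not real CA output.

```python
# Classify how an X.509 certificate's EC public key specifies its curve.
# "explicit" is the CVE-2020-0601 pattern to flag; CA-issued keys use a named curve.
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # OID 1.2.840.10045.2.1
ID_PRIME256V1 = bytes.fromhex("2a8648ce3d030107")    # OID 1.2.840.10045.3.1.7
ID_RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")  # OID 1.2.840.113549.1.1.1

def read_tlv(buf, pos):
    """Parse the DER TLV at pos: (tag, value_start, value_end, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length, pos + length

def children(buf, start, end):
    """Yield (tag, value_start, value_end) for each element of a constructed value."""
    pos = start
    while pos < end:
        tag, vs, ve, pos = read_tlv(buf, pos)
        yield tag, vs, ve

def ec_parameter_kind(cert_der):
    """Return 'named', 'explicit' or 'implicit' for an EC key, None if not EC."""
    _, cs, ce, _ = read_tlv(cert_der, 0)                # Certificate
    _, ts, te = next(children(cert_der, cs, ce))        # tbsCertificate
    fields = list(children(cert_der, ts, te))
    if fields[0][0] == 0xA0:                            # optional [0] version
        fields = fields[1:]
    _, ss, se = fields[5]   # serial, signature, issuer, validity, subject, SPKI
    _, as_, ae = next(children(cert_der, ss, se))       # AlgorithmIdentifier
    parts = list(children(cert_der, as_, ae))           # [algorithm OID, parameters]
    if cert_der[parts[0][1]:parts[0][2]] != ID_EC_PUBLIC_KEY:
        return None
    ptag = parts[1][0] if len(parts) > 1 else None
    return {0x06: "named", 0x30: "explicit", 0x05: "implicit"}.get(ptag, "unknown")

def der(tag, body):
    """Encode one DER TLV with a definite length (enough for this example)."""
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    if len(body) < 0x100:
        return bytes([tag, 0x81, len(body)]) + body
    return bytes([tag, 0x82]) + len(body).to_bytes(2, "big") + body

def fake_cert(params, key_oid=ID_EC_PUBLIC_KEY):
    """Constructed skeleton certificate: only field order and the SPKI matter."""
    alg = der(0x30, der(0x06, key_oid) + params)
    spki = der(0x30, alg + der(0x03, b"\x00\x04" + b"\x11" * 64))  # placeholder point
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, b"\x01")
              + der(0x30, b"") * 4 + spki)   # empty signature/issuer/validity/subject
    return der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00"))

NAMED_CURVE = der(0x06, ID_PRIME256V1)
# Explicit ECParameters skeleton: version, fieldID, curve, base point, order.
EXPLICIT_CURVE = der(0x30, der(0x02, b"\x01") + der(0x30, b"") + der(0x30, b"")
                     + der(0x04, b"\x04" + b"\x22" * 64) + der(0x02, b"\x01"))
```

Run `ec_parameter_kind` over a DER-encoded certificate pulled from a TLS handshake or a signed binary; anything returning "explicit" deserves a closer look on an unpatched host.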
plat

After two days of wondering in anguish why Microsoft doesn't love its Insiders in the fast ring (well, no, not really), build 19546.1000 is installing right this very minute. Have to stay one step ahead of these things, at the minimum. 😬