Proof-of-concept exploit code is now available for the Windows CryptoAPI spoofing vulnerability tracked as CVE-2020-0601 and reported by the National Security Agency (NSA), just two days after Microsoft released a patch.
The PoC exploits for the flaw now known as CurveBall (per security researcher
Tal Be'ery) were publicly released during the last 24 hours by Swiss cybersecurity outfit
Kudelski Security and
ollypwn.
British hardware hacker
Saleem Rashid also developed a CurveBall PoC exploit but only tweeted screenshots of his exploit code abusing CVE-2020-0601.