Security researchers publish first proof-of-concept (PoC) for the Windows vulnerability recently revealed by the US National Security Agency (NSA).
The error, το οποίο μερικοί το αποκαλούν και CurveBall, επηρεάζει το CryptoAPI (Crypt32.dll), ένα στοιχείο που χειρίζεται κρυπτογραφικές λειτουργίες στο λειτουργικό σύστημα των Windows.
According to one technique high-level analysis of the bug by researcher Tal Be'ery, “the cause of this vulnerability is the incorrect implementation of Elliptic Curve Cryptography (ECC) within Microsoft's code”.
According to the NSA, DHS and Microsoft, the error (has been registered as CVE-2020-0601) may allow an attacker to:
launch MitM attacks (Mon-in-the-middle) και ψεύτικες συνδέσεις HTTPS
to sign files and emails with fake signatures
to sign digitally executable code running within Windows
The principles of USA they reacted immediately and proactively to the specific vulnerability. The NSA issued a security warning (very rare) about the bug, and DHS's CISA division issued an emergency directive, giving government agencies ten days to update their systems.
Αυτή είναι η πρώτη φορά που η NSA ανέφερε ένα σφάλμα στη Microsoft. Θα μπορούσαμε να πούμε ότι η service κυκλοφορεί δελτία τύπου για να βελτιώσει την εικόνα της στην κοινότητα για την better safety στον κυβερνοχώρο μετά τις καταστροφές του eternalblue που έκλεψαν και κυκλοφόρησαν οι Shadow Brokers. Τα συγκεκριμένα hacking εργαλεία που αναπτύχθηκαν από την NSA και διαρρεύσαν online, were used in some of the largest malware infections and cyber attacks to date.
Security experts such as Thomas Ptacek and Kenneth White have confirmed the severity and broad impact of the vulnerability, although it does not affect the Windows Update mechanism, which would make the threat a nightmare.
In a blog post Tuesday, Kenneth White said he knew some people needed a few more days to create a PoC that exploits the CurveBall vulnerability.
The first to mention it was Saleem Rashid, who created a proof-of-concept to show how he can make fake TLS certificates and serve them legally.
Rashid did not publish his code, but others did so a few hours later. CurveBall's first public PoC was released by Kudelski Security, while o second was a Danish security researcher under the pseudonym Ollypwn.
The good news among all this is that even if you haven't updated your system with the latest Patch Tuesday, the Windows Defender has received the necessary updates to detect any attempts to actively exploit the bug and warn users.