PoC was released for the bug revealed by the NSA

Security researchers publish first proof-of-concept (PoC) for the Windows vulnerability recently revealed by the US National Security Agency (NSA).

The bug, which some also call CurveBall, affects CryptoAPI (Crypt32.dll), a component that handles cryptographic operations in the operating system.


According to a high-level technical analysis of the bug by researcher Tal Be'ery, "the cause of this vulnerability is the incorrect implementation of Elliptic Curve Cryptography (ECC) within the code of ".

According to the NSA, DHS and Microsoft, the bug (registered as CVE-2020-0601) may allow an attacker to:

launch MitM attacks and fake HTTPS connections
sign files and e-mail messages with fake signatures
digitally sign executable code that runs within Windows

The US authorities reacted immediately and proactively to this vulnerability. The NSA issued a security warning about the bug (something very rare), and DHS CISA issued an emergency directive giving government agencies ten days to update their systems.

This is the first time the NSA has reported a bug to Microsoft. One could say that the agency is issuing press releases to improve its image in the cybersecurity community after the disaster of EternalBlue, which was stolen and released by the Shadow Brokers. The hacking tools developed by the NSA and leaked online have been used in some of the biggest malware infections and cyber attacks to date.

Security experts such as Thomas Ptacek and Kenneth White have confirmed the severity and broad impact of the vulnerability, although it does not affect the Windows Update mechanism, which would have made the threat a nightmare.

In a post on Tuesday, Kenneth White stated that he was aware that some people needed a few more days to create a PoC that exploits the CurveBall vulnerability.

The first to report one was Saleem Rashid, who created a proof-of-concept to show how he could forge TLS certificates and serve them as legitimate ones.
Rashid did not publish his code, but others did so a few hours later. CurveBall's first public PoC was released by Kudelski Security, while the second came from a Danish security researcher using the pseudonym Ollypwn.

The good news in all this is that even if you haven't updated your system with the latest Patch Tuesday fixes, Windows Defender has received the necessary updates to detect attempts to actively exploit the bug and warn users.

