Industry Reactions to Crypto Vulnerability Found by NSA: Feedback Friday

One of the vulnerabilities patched this week by Microsoft in its Windows operating system is a crypto-related issue that was reported to the company by the U.S. National Security Agency.


The vulnerability, tracked as CVE-2020-0601 and dubbed ChainOfFools and CurveBall, affects Windows 10, Server 2016 and Server 2019, as well as applications that rely on Windows for trust functionality.


The flaw exists in the CryptoAPI (Crypt32.dll) component and it can allow an attacker to sign malicious files using a spoofed code-signing certificate or to conduct MitM attacks against TLS connections. However, sophisticated threat groups, such as nation-state actors, would be the most likely to exploit the vulnerability — run-of-the-mill cybercriminals are unlikely to have the resources and skills needed for exploitation.



Several proof-of-concept (PoC) exploits have already been created and some of them have been made public.


Several industry professionals have shared thoughts with SecurityWeek about the vulnerability, its impact, and the possible reasons why the NSA disclosed it rather than using it in its own operations.


And the feedback begins…


Sherrod DeGrippo, Senior Director Threat Research, Proofpoint:



“While this is a serious vulnerability that should be patched, there’s no need to panic. When you look at the vulnerability and the number of affected systems, this does not reach the level of Heartbleed or WannaCry scenarios from the past. Also, our research shows that behavioral analysis of malware still detects malware as malicious, even if it’s signed with an ostensibly legitimate certificate.”



Allan Liska, Senior Solutions Architect, Recorded Future:



“This vulnerability was reported by the NSA to Microsoft, which is a goo ..