SoylentNews is people

posted by janrinok on Sunday January 29 2023, @07:34PM

Researchers Release PoC Exploit for Windows CryptoAPI Bug Discovered by NSA

Proof-of-concept (PoC) code has been released for a now-patched high-severity security flaw in the Windows CryptoAPI that the U.S. National Security Agency (NSA) and the U.K. National Cyber Security Centre (NCSC) reported to Microsoft last year.

Tracked as CVE-2022-34689 (CVSS score: 7.5), the spoofing vulnerability was addressed by the tech giant as part of Patch Tuesday updates released in August 2022, but was only publicly disclosed two months later on October 11, 2022.

"An attacker could manipulate an existing public x.509 certificate to spoof their identity and perform actions such as authentication or code signing as the targeted certificate," Microsoft said in an advisory released at the time.

CryptoAPI bug makes 99% of Windows servers vulnerable

According to Redmond's security bulletin, CVE-2022-34689 can be exploited to spoof an attacker's true identity and perform actions "such as authentication or code signing as the targeted certificate."

As explained by Akamai, the gist of the issue is that CryptoAPI makes the assumption that "the certificate cache index key, which is MD5-based, is collision-free." MD5 has long been known to be vulnerable to collisions (two chunks of data that happen to have the very same MD5 hash), but old software versions using CryptoAPI are still vulnerable to the flaw.
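The flawed assumption described above, as a toy model added here (not Akamai's PoC and not CryptoAPI code): a cache that treats an index-key match as certificate identity, beside one that also compares the full bytes. The class and function names, the sample byte strings and the 2-byte truncation of MD5 (so the demo reaches a key clash quickly) are assumptions constructed for illustration.

```python
import hashlib
from itertools import count

KEY_BYTES = 2  # assumption: truncated so the demo finds a key clash in ~65k tries


def index_key(cert: bytes) -> bytes:
    """Cache index key: MD5 of the certificate bytes (truncated for the demo)."""
    return hashlib.md5(cert).digest()[:KEY_BYTES]


class WeakCertCache:
    """Treats an index-key match as proof that the certificate was already verified."""

    def __init__(self):
        self._by_key = {}

    def store_verified(self, cert: bytes) -> None:
        self._by_key[index_key(cert)] = cert

    def is_verified(self, cert: bytes) -> bool:
        return index_key(cert) in self._by_key


class StrictCertCache(WeakCertCache):
    """Uses the key only to locate the entry, then compares the full bytes."""

    def is_verified(self, cert: bytes) -> bool:
        return self._by_key.get(index_key(cert)) == cert


def constructed_key_clash(target: bytes) -> bytes:
    """Return a different constructed blob whose index key equals the target's."""
    want = index_key(target)
    for n in count():
        blob = b"CONSTRUCTED-UNVERIFIED-%d" % n
        if blob != target and index_key(blob) == want:
            return blob


def demo():
    trusted = b"CONSTRUCTED-VERIFIED-CERT"
    other = constructed_key_clash(trusted)
    weak, strict = WeakCertCache(), StrictCertCache()
    weak.store_verified(trusted)
    strict.store_verified(trusted)
    return weak.is_verified(other), strict.is_verified(other), strict.is_verified(trusted)


if __name__ == "__main__":
    print(demo())
```

The weak cache reports the unverified blob as verified because only the key is checked; the strict cache rejects it while still accepting the certificate that was actually stored.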

Your apps and Windows devices could be facing a whole new kind of threat

A critical flaw in Windows-powered datacenters and applications, which Microsoft fixed in mid-2022, remains unpatched in almost all vulnerable endpoints, putting countless users at risk of different malware, or even ransomware, attacks.

Cybersecurity researchers from Akamai published a proof-of-concept (PoC) for the flaw, and determined that a high percentage of devices remain unpatched.

The vulnerability Akamai is referring to is CVE-2022-34689, a Windows CryptoAPI spoofing vulnerability that allows threat actors to authenticate, or sign code, as the targeted certificate. In other words, threat actors can use the flaw to pretend to be another app or OS and have those apps run without raising any alarms.

CVE-2022-34689



  • (Score: -1, Offtopic) by Anonymous Coward on Monday January 30 2023, @12:28AM (#1289222)

    Wrong color

  • (Score: 4, Interesting) by deimios (201) on Monday January 30 2023, @08:41AM (#1289257)

    I guess other countries stumbled upon the exploit too if the NSA deigned to make it public. Why else would they plug a backdoor they could use?
