Earlier this week, Microsoft released a fix for a serious cryptographic bug, CVE-2020-0601, which poses a threat to Windows 10, Windows Server 2019 and Windows Server 2016. The vulnerability was found by specialists at the US National Security Agency and lies in CryptoAPI (Crypt32.dll), the main Windows component responsible for cryptographic operations.
Although Microsoft rated the fix for this bug as “important” rather than “critical”, and the vulnerability has not yet been used in real attacks, the problem is considered so serious that the NSA took a step unprecedented for the agency: it reported the vulnerability to the developers instead of withholding the information and using it in its own operations.
According to experts, this vulnerability could allow an attacker to:
- carry out MitM attacks, intercepting and spoofing HTTPS connections;
- create fake signatures for files and emails;
- sign a malicious executable and run it on Windows.
As security professionals predicted, PoC exploits for the new problem appeared quickly. The first exploit was created by Saleem Rashid less than a day after details of the problem were disclosed. His exploit is designed to forge TLS certificates, which allows sites to impersonate legitimate resources.
Mindful of the risks, Rashid did not publish the exploit code and only demonstrated it working on Twitter. Other experts, however, proposed their own exploits a few hours later and made them public.
The first public exploit was posted by Kudelski Security experts, and the second was released by a Danish specialist who goes by the nickname Ollypwn. The authors of the exploits believe that publishing the code does not change much, since most cybercriminals lack the knowledge and resources needed to exploit the vulnerability.
Although many now expect attacks exploiting the new problem, Microsoft developers have already released updates for Windows Defender that are designed to detect exploitation of the problem and protect users who have not yet installed the patches.