Proof-of-concept exploits published for the Microsoft-NSA crypto bug


Security researchers today published proof-of-concept (PoC) code for exploiting a recently patched vulnerability in the Windows operating system, a vulnerability that was reported to Microsoft by the US National Security Agency (NSA).

The bug, which some have started calling CurveBall, impacts CryptoAPI (Crypt32.dll), the component that handles cryptographic operations in the Windows OS.

According to a high-level technical analysis of the bug from cyber-security researcher Tal Be’ery, “the root cause of this vulnerability is a flawed implementation of the Elliptic Curve Cryptography (ECC) within Microsoft’s code.”

According to the NSA, the DHS, and Microsoft, when exploited, this bug (tracked as CVE-2020-0601) can allow an attacker to:

  • launch MitM (man-in-the-middle) attacks and intercept and fake HTTPS connections
  • fake signatures for files and emails
  • fake signed-executable code launched inside Windows

Experts: “seriously, seriously bad”

Speaking on Twitter, Acting Homeland Security Advisor Rob Joyce described the bug as “seriously, seriously bad.”

US authorities reacted to the vulnerability very openly and proactively. The NSA released a rare security alert about the bug, and the DHS’ CISA department issued an emergency directive, giving government agencies ten days to patch systems by applying the January 2020 Microsoft Patch Tuesday updates.

This is the first time the NSA reported a bug to Microsoft. One might say the agency is on a press tour to improve its image in the cyber-security community after the EternalBlue and Shadow Brokers disasters, when NSA-developed hacking tools were leaked online and used for some of the biggest malware infections and cyber-attacks known to date.

However, the vulnerability’s severity cannot be downplayed by the NSA’s attempt to “turn a new leaf” with the infosec community.

Astute and experienced security experts and cryptographers like Thomas Ptacek and Kenneth White have confirmed the vulnerability’s severity and wide impact — although it does not impact the Windows Update mechanism, which would have allowed a threat actor to fake Windows updates.

PoC exploits released online

In a blog post on Tuesday, White said he was aware that some people were days away from coming up with a working exploit for the CurveBall vulnerability.

The first to come up with one was Saleem Rashid, who created proof-of-concept code to fake TLS certificates and allow sites to pose as legitimate ones.

Rashid didn’t publish his code, but others did, hours later. The first public CurveBall exploit came from Kudelski Security, followed by a second one from a Danish security researcher going by the name of Ollypwn.

In its official security advisory for CVE-2020-0601, Microsoft described the chance of threat actors exploiting the bug as “more likely.” With public demo code available, the chances of exploitation are now also ensured.

The good news in all of this is that even if users haven’t had time to install the patches, Windows Defender has received updates to at least detect active exploitation attempts and warn users. According to Microsoft, this vulnerability impacts Windows 10, Windows Server 2019, and Windows Server 2016 OS versions.
