Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security Windows IT

Proof-of-Concept Exploits Published for the Microsoft-NSA Crypto Bug (zdnet.com) 25

Security researchers have published proof-of-concept (PoC) code for exploiting a recently-patched vulnerability in the Windows operating system, a vulnerability that has been reported to Microsoft by the US National Security Agency (NSA). From a report: The bug, which some have started calling CurveBall, impacts CryptoAPI (Crypt32.dll), the component that handles cryptographic operations in the Windows OS. According to a high-level technical analysis of the bug from cyber-security researcher Tal Be'ery, "the root cause of this vulnerability is a flawed implementation of the Elliptic Curve Cryptography (ECC) within Microsoft's code." According to both the NSA, the DHS, and Microsoft, when exploited, this bug (tracked as CVE-2020-0601) can allow an attacker to: 1. Launch MitM (man-in-the-middle) attacks and intercept and fake HTTPS connections. 2. Fake signatures for files and emails. 3. Fake signed-executable code launched inside Windows.
This discussion has been archived. No new comments can be posted.

Proof-of-Concept Exploits Published for the Microsoft-NSA Crypto Bug

Comments Filter:

If you aren't rich you should always look useful. -- Louis-Ferdinand Celine

Working...