Windows CryptoAPI Flaw Allows Attackers to Spoof Identity, PoC Exploit Released
Akamai researchers have released proof-of-concept exploit code for a critical Windows CryptoAPI vulnerability that was discovered by the NSA and the U.K.’s NCSC and allows MD5-collision certificate spoofing.
Tracked as CVE-2022-34689, this security flaw was addressed with security updates in August 2022, but was not made public by Microsoft until October.
The vulnerability allows unauthenticated attackers to manipulate existing public X.509 certificates to spoof their identity and perform actions such as authentication or code signing as the targeted certificate.
Exploiting the vulnerability
The Akamai researchers have also shared an osquery query to help defenders detect CryptoAPI library versions that are vulnerable to attack.
They have found that older versions of Chrome (v48 and earlier) and Chromium-based applications can be exploited, but believe that there are more vulnerable targets in the wild.
The vulnerability can impact the validation of trust for HTTPS connections and signed executable code, files, or emails and can also provide attackers with the ability to perform man-in-the-middle attacks and decrypt confidential information.
Update your Windows servers
The researchers advise patching your Windows servers and endpoints with the latest security patch released by Microsoft.
Source: bleepingcomputer.com