[True and fake] Windows CryptoAPI spoofing vulnerability: trusted certificates are not trustworthy - wepro180

by admin
A security vulnerability has once again been discovered in Microsoft’s Windows CryptoAPI. Although the vulnerability was patched as early as August last year, the technology company Akamai pointed out that a large number of devices on the network are still vulnerable, and it has released a proof of concept (PoC) for exploiting the vulnerability. As long as the vulnerability remains in place, it allows hackers to install various malware by means of fake certificates.

CryptoAPI is a set of cryptographic functions that Microsoft built into the Windows operating system. It can be used to encrypt or decrypt data, and to verify whether the certificate of downloaded software matches the developer’s certificate, in order to prevent counterfeiting. However, the British National Security Agency discovered a vulnerability in Windows CryptoAPI last year (CVE-2022-34689) that allows hackers to forge the MD5 value in software messages and successfully pass malware off as software released by other trusted organizations, or to mount a man-in-the-middle attack in which the attacker intercepts incoming and outgoing messages and decrypts them.

Akamai researchers pointed out that through this vulnerability, hackers can undermine the trustworthiness of HTTPS encrypted connections, signed code, files, and emails, causing the Windows operating system and other network security tools to fail to detect anything suspicious and to authorize the installation of malware. The researchers also pointed out that less than 1% of the data center devices found on the network have installed the security update. In addition, Chrome v48 and earlier versions, as well as other browsers that use Chromium as their underlying technology, all have the same vulnerability, and the researchers warn that this could trigger very serious security incidents.

The researchers added that, in addition to servers that are publicly searchable on the Internet, Windows 7 devices and applications that are no longer supported still use this problematic API. IT administrators and users are therefore strongly advised to install the Windows updates from Microsoft immediately to protect servers and endpoint devices. As for developers, the researchers suggest that when using other WinAPI functions in the future, the validity of the certificate must be double-checked; for example, they can refer to CertVerifyCertificateChainPolicy.

This is not the first time that a Windows CryptoAPI spoofing vulnerability has occurred. The National Security Agency of the United States discovered a similar attack more than two years ago, and researchers at security organizations even released the means of exploiting the vulnerability, along with program code, within 24 hours after the report was published. This indirectly forced the US CISA to urgently order federal agencies to patch all affected endpoint devices within ten working days, which shows that the severity was quite high.

Source: https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-windows-cryptoapi-spoofing-bug/
