Security News > 2020 > January > PoC Exploits Published For Microsoft Crypto Bug
Two proof-of-concept exploits have been publicly released for the recently-patched crypto-spoofing vulnerability found by the National Security Agency and reported to Microsoft.
The two PoC exploits were published to GitHub on Thursday.
One PoC exploit was released by Kudelski Security and the other by a security researcher under the alias "Ollypwn".
A third PoC exploit was developed by security expert Saleem Rashid; who said on Twitter, Wednesday, that the PoC allowed him to fake TLS certificates and set up sites that look like legitimate ones.
Despite the roadblocks to exploitation, security experts say that publicly-released PoC exploits can pave the way for future exploitation of CVE-2020-0601 by adversaries.
News URL
https://threatpost.com/poc-exploits-published-for-microsoft-crypto-bug/151931/
Related news
- New QR Code Phishing Campaign Exploits Microsoft Sway to Steal Credentials (source)
- Threat Actors Exploit Microsoft Sway to Host QR Code Phishing Campaigns (source)
- Adobe fixes Acrobat Reader zero-day with public PoC exploit (source)
- Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869) (source)
- PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190) (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-14 | CVE-2020-0601 | Improper Certificate Validation vulnerability in multiple products A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source, aka 'Windows CryptoAPI Spoofing Vulnerability'. | 5.8 |