Security News > 2023 > January > Exploit released for critical Windows CryptoAPI spoofing bug
Proof of concept exploit code has been released by Akamai researchers for a critical Windows CryptoAPI vulnerability discovered by the NSA and U.K.'s NCSC allowing MD5-collision certificate spoofing.
Unauthenticated attackers can exploit this bug in low-complexity attacks.
Today, security researchers with the Akamai cloud security firm have published a proof of concept exploit and shared an OSQuery to help defenders detect CryptoAPI library versions vulnerable to attacks.
Should an attack using a CVE-2022-34689 exploit be successful, it could also provide attackers with the ability to perform man-in-the-middle attacks and decrypt confidential information on user connections to the affected software, such as web browsers that use Windows' CryptoAPI cryptography library.
"There is still a lot of code that uses this API and might be exposed to this vulnerability, warranting a patch even for discontinued versions of Windows, like Windows 7. We advise you to patch your Windows servers and endpoints with the latest security patch released by Microsoft," Akamai said.
Exploit released for critical ManageEngine RCE bug, patch now.
News URL
Related news
- 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- Critical security hole in Apache Struts under exploit (source)
- Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-11 | CVE-2022-34689 | Authentication Bypass by Spoofing vulnerability in Microsoft products Windows CryptoAPI Spoofing Vulnerability | 0.0 |