Security News > 2023 > January > Researchers release PoC exploit for critical Windows CryptoAPI bug (CVE-2022-34689)
Akamai researchers have published a PoC exploit for a critical vulnerability in Windows CryptoAPI, which validates public key certificates.
"An attacker could manipulate an existing public x.509 certificate to spoof their identity and perform actions such as authentication or code signing as the targeted certificate," Microsoft said in October 2022, when they announced fixes for vulnerable Windows and Windows Server versions.
"The root cause of the bug is the assumption that the certificate cache index key, which is MD5-based, is collision-free. Since 2009, MD5's collision resistance is known to be broken," researchers Tomer Peled and Yoni Rozenshein explained.
"The attack flow is twofold. The first phase requires taking a legitimate certificate, modifying it, and serving the modified version to the victim. The second phase involves creating a new certificate whose MD5 collides with the modified legitimate certificate, and using the new certificate to spoof the identity of the original certificate's subject."
To exploit CVE-2022-34689, the first certificate, which is generated in a way that facilitates a chosen prefix collision attack and is correctly signed and verified, needs to be cached by the CryptoAPI, so that the second certificate can be promptly trusted because Microsoft does not re-check cached certificates.
The researchers advise admins to apply the latest security patch released by Microsoft on Windows servers and endpoints, and developers to switch to using other WinAPIs to check the validity of a certificate before using it.
News URL
https://www.helpnetsecurity.com/2023/01/26/poc-exploit-cve-2022-34689/
Related news
- PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) (source)
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- 1000s of Palo Alto Networks firewalls hijacked as miscreants exploit critical hole (source)
- RomCom Exploits Zero-Day Firefox and Windows Flaws in Sophisticated Cyberattacks (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- Exploit released for critical WhatsUp Gold RCE flaw, patch now (source)
- Mitel MiCollab zero-day and PoC exploit unveiled (source)
- PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files (source)
- New Malware Technique Could Exploit Windows UI Framework to Evade EDR Tools (source)
- Researchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOS (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-11 | CVE-2022-34689 | Authentication Bypass by Spoofing vulnerability in Microsoft products Windows CryptoAPI Spoofing Vulnerability | 0.0 |