Security News > 2023 > March > 10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack
A 10-year-old Windows vulnerability is still being exploited in attacks to make it appear that executables are legitimately signed, with the fix from Microsoft still "Opt-in" after all these years.
Even worse, the fix is removed after upgrading to Windows 11.
On Wednesday night, news broke that VoIP communications company 3CX was compromised to distribute trojanized versions of its Windows desktop application in a large-scale supply chain attack.
When a signed executable is modified, Windows will display a message stating that the "Digital signature of the object did not verify." However, even though we know that the d3dcompiler 47.dll DLL was modified, it still showed as signed in Windows.
"On December 10, 2013, Microsoft released an update for all supported releases of Microsoft Windows that changes how signatures are verified for binaries signed with the Windows Authenticode signature format," explains Microsoft's disclosure for the CVE-2013-3900.
"When enabled, the new behavior for Windows Authenticode signature verification will no longer allow extraneous information in the WIN CERTIFICATE structure, and Windows will no longer recognize non-compliant binaries as signed."
News URL
Related news
- JPCERT shares Windows Event Log tips to detect ransomware attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-12-11 | CVE-2013-3900 | Improper Input Validation vulnerability in Microsoft products The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate PE file digests during Authenticode signature verification, which allows remote attackers to execute arbitrary code via a crafted PE file, aka "WinVerifyTrust Signature Validation Vulnerability." | 0.0 |