Microsoft Cryptographic Library CRYPT32.DLL Vulnerability Proof-of-Concept Released

An update to the Microsoft Cryptographic Library CRYPT32.DLL alert was issued Thursday, Jan. 16, 2020. Security researchers from Kudelski Security and Ollypwn have now published a proof-of-concept for CVE-2020-0601 to GitHub. A third proof-of-concept exploit has reportedly been developed but was not released to the public. The vulnerability could allow an attacker to execute code, which could potentially lead to a breach.

What It Is:
A vulnerability has been discovered in the Microsoft cryptographic library CRYPT32.DLL, which could allow for remote code execution. CRYPT32.DLL is the module that implements many of the certificate and cryptographic messaging functions in the CryptoAPI. This library ships with Windows and Windows Server operating systems.

Successful exploitation of this vulnerability could allow attackers to compromise trusted network connections using spoofed certificates. This can be used to deliver malicious executable code under the pretense of a legitimately trusted entity, conduct man-in-the-middle attacks, and decrypt confidential information. Examples of potentially impacted services include HTTPS connections, signed emails and files, and user-mode processes launching signed executable code.

Read the original NSA Cybersecurity Advisory.

Read the original Microsoft references below for more information:

Security Update Guide
Security Update Summary
CVE-2020-0601 - Windows CryptoAPI Spoofing Vulnerability

Threat Intelligence:
Security researchers from Kudelski Security and Ollypwn published a proof-of-concept for CVE-2020-0601 to GitHub. A third proof-of-concept exploit has reportedly been developed but was not released to the public.

Systems Affected:

• Windows 10
• Windows Server 2016, 2019
• Applications that rely on Windows for Trust functionality

Risk:
Government:
• Large and medium government entities: High
• Small government entities: High
Businesses:
• Large and medium business entities: High
• Small business entities: High
Home users: Medium

What It Means:
If you and/or your business use the Microsoft Windows versions listed above, or applications that rely on Windows for trust functionality, install all January 2020 Patch Tuesday patches on vulnerable systems as soon as possible following proper testing.

Technical Summary:
A vulnerability has been discovered in the Microsoft cryptographic library CRYPT32.DLL, which could allow for remote code execution. This spoofing vulnerability (CVE-2020-0601) exists due to the way Crypt32.dll validates Elliptic Curve Cryptography (ECC) certificates.

This vulnerability is included in the monthly Microsoft Patch Tuesday release.

What To Do:
We recommend the following actions be taken:

• Rapid adoption of the patch is the only known mitigation at this time. It is paramount that all state, local, tribal, and territorial governments patch their respective systems after appropriate testing.
• Reboot systems after applying patches to complete remediation.

Negative Consequences of Lost or Stolen Data:
The loss or theft of proprietary data can have severe impacts, particularly if the compromise becomes public and sensitive information is exposed. Possible impacts include:

• Temporary or permanent loss of sensitive or proprietary information.
• Disruption to regular operations.
• Financial losses incurred to restore systems and files.
• Potential harm to an organization’s reputation.

Should your agency or business need assistance with issues arising from vulnerabilities in Microsoft products including updates and/or patches, Dox can help. Please contact Dox if there is anything we can do to assist in securing your agency, business, or organization.

Thank you for your time and stay safe online.