"Researchers Pioneer POC Exploit for NSA-Reported Bug in Windows CryptoAPI"

Researchers have created a proof-of-concept (POC) exploit for a public X.509 certificate-spoofing vulnerability in the Windows CryptoAPI that was reported to Microsoft by the National Security Agency (NSA) and the National Cyber Security Centre (NCSC) last year. Microsoft patched the vulnerability, tracked as CVE-2022-34689, in August 2022, but did not disclose it publicly until October 2022. At the time, the vulnerability was assessed as one that attackers were more likely to exploit, but Microsoft provided few details on the flaw or on how an attacker could use it.

Researchers at Akamai, who have been analyzing the vulnerability for several months, have now disclosed details of an attack they developed for it. According to the researchers, the attack would allow attackers to spoof the target certificate and masquerade as any website, enabling a range of malicious actions. CryptoAPI is a Windows Application Programming Interface (API) that developers use to add cryptography support to their applications. One of CryptoAPI's functions is to validate the authenticity of digital certificates, and that validation logic is where the vulnerability exists. This article continues to discuss the POC exploit developed by Akamai researchers for the public X.509 certificate-spoofing vulnerability in the Windows CryptoAPI.

Dark Reading reports "Researchers Pioneer POC Exploit for NSA-Reported Bug in Windows CryptoAPI"

Submitted by Anonymous on