CVE-2020-0601 Followup

Published: 2020-01-15
Last Updated: 2020-01-16 18:55:46 UTC
by Johannes Ullrich (Version: 1)
4 comment(s)

Among the patches Microsoft released yesterday, the vulnerability in the CryptoAPI got by far the most attention. Here are some answers to questions we have received about this vulnerability. Many of these questions also came from our webcast audience (for a recording, see https://sans.org/cryptoapi-isc ) Thanks to Jake Williams for helping us with the webcast!

UPDATE: An Exploit has been made public!

We also made a simple PowerPoint presentation available to help you brief management on the issue: TalkingToYourBossAboutCryptoAPI.pptx

[I am still going over some of the questions from the webcast. This post will be updated later today with additional questions. Feel free to submit questions here: https://isc.sans.edu/contact.html ]

  • What is the name of the vulnerability?
    There is no catchy name or logo for this vulnerability. It is referred to as "CVE-2020-0601", "CryptoAPI ECC Verification Vulnerability," or "crypt32.dll Vulnerability" and several other names. It is probably best to use the CVE number as an identifier.
     
  • Which operating systems are affected?
    Only Windows 10 and Windows Server 2016 and 2019 are affected. Windows 7 is not affected. There was some confusion about this because Windows 7 is no longer officially supported after this patch release. But the January 14th patch Tuesday did cover Windows 7. The affected library, crypt32.dll (CryptoAPI), is present in older versions of Windows, including Windows 7. But not all versions of this library are affected. Out of support versions of Windows 10, like Windows 10 1709, are likely vulnerable, and you should upgrade to Windows 10 1809, the current "long term support" version.
     
  • Have there been any problems reported with this patch?
    None so far that we are aware of.
     
  • I am only using RSA certificates. Am I still vulnerable?
    Likely yes. First of all, even if you use RSA certificates exclusively internally, many external sites and software distributors will use elliptic curve (ECC) certificates. Also, the operating system will treat ECC and RSA certificates as equals. Think of it as a different certificate authority. Your system will trust certificates from any trusted certificate authority. Even if you retrieve your certificates exclusively from "Authority A," an attacker could still use "Authority B" to impersonate you as long as your systems trust "Authority B." Certificate pinning may help here (or pinning the certificate authority)
     
  • Is Windows Update itself vulnerable?
    No. Windows Update added several protections to prevent attacks where an attacker would be able to obtain a fake Microsoft certificate. Microsoft uses Certificate pinning and other protection measures to make attacks very difficult and impossible via CVE-2020-0601.
     
  • Is SCCM Vulnerable (Microsoft System Center Configuration Manager)?
    No. It applies the same checks to updates as does "Windows Update."
     
  • How do I know if I am patched?
    There are now a few of proof of concept exploits available on GitHub. The simplest test is probably https://chainoffools.wouaib.ch/ [visit at your own risk]. The website uses a certificate that was "signed" using the PoC exploit . You may also download a sample binary submitted to Any.Run see: https://app.any.run/tasks/884f5b91-2f1c-40f9-9566-41ab83790f60/ [again: use at your own risk]
     
  • Is there an exploit available?
    A working exploit has been released on Wednesday, Jan 15th evening (ET). https://github.com/ollypwn/cve-2020-0601
     
  • Is there some form of test certificate available (not a full exploit) to check my defenses?
    visit https://curveballtest.com to test if you are vulnerable (use Internet Explorer or Edge. Chrome may show up as not vulnerable even if it is vulnerable)
     
  • Will I know if someone attacked me using this vulnerability?
    If you patched, Windows will log an alert if it detects a suspect certificate. Endpoint protection vendors, including Microsoft, have added signatures to their solutions, checking for certificates that are likely exploits.

     
  • How will I be able to detect if a certificate is taking advantage of this vulnerability?
    The certificate will use an elliptic curve with explicit parameters. Three parameters define elliptic curves. There are several standard ("named") curves with set parameters. But instead of using one of these named elliptic curves, you may also specify your parameters. Not all certificates with explicitly defined parameters are malicious. But the exploit requires the use of these explicit parameters.
     
  • Are Certificates Using Specific Elliptic Curves, like for example P-384, vulnerable?
    An attacker would use a certificate with explicit parameters, not a named curve like P-384, to exploit this vulnerability. However, if your valid certificate uses a named curve like P-384, an attacker could still craft their own certificate with explicit parameters to exploit this issue. 
     
  • If my VPN (or other TLS based authentication system like PEAP) uses certificates for authentication: Is it vulnerable?
    This depends somewhat on the exact configuration. But in general, you are not vulnerable in these cases because you are likely only allowing very specific CAs and are always pinning certificates for specific users.

Resources:
Webcast Recording: https://sans.org/cryptoapi-isc
ISC Patch Tuesday Blog: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+January+2020/25710/
NSA Post: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
MSFT Advisory https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601
Technical details about the nature of the vulnerability [trigger warning: lots of math]: https://medium.com/zengo/win10-crypto-vulnerability-cheating-in-elliptic-curve-billiards-2-69b45f2dcab6
Using CveEventWrite From VBA (CVE-2020-0601): https://blog.didierstevens.com/2020/01/15/using-cveeventwrite-from-vba-cve-2020-0601/

 

---
Johannes B. Ullrich, Ph.D., Dean of Research, SANS Technology Institute
Twitter|

4 comment(s)
ISC Stormcast For Wednesday, January 15th 2020 https://isc.sans.edu/podcastdetail.html?id=6824

Comments

What's this all about ..?
password reveal .
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure:

<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.

<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
https://thehomestore.com.pk/
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> nearest public toilet to me</a>
<a hreaf="https://defineprogramming.com/the-public-bathroom-near-me-find-nearest-public-toilet/"> public bathroom near me</a>
https://defineprogramming.com/
https://defineprogramming.com/
Enter comment here... a fake TeamViewer page, and that page led to a different type of malware. This week's infection involved a downloaded JavaScript (.js) file that led to Microsoft Installer packages (.msi files) containing other script that used free or open source programs.
distribute malware. Even if the URL listed on the ad shows a legitimate website, subsequent ad traffic can easily lead to a fake page. Different types of malware are distributed in this manner. I've seen IcedID (Bokbot), Gozi/ISFB, and various information stealers distributed through fake software websites that were provided through Google ad traffic. I submitted malicious files from this example to VirusTotal and found a low rate of detection, with some files not showing as malware at all. Additionally, domains associated with this infection frequently change. That might make it hard to detect.
https://clickercounter.org/
Enter corthrthmment here...

Diary Archives