Black Arrow Cyber Informational 30/01/2023 – PoC Released for Microsoft Certification Vulnerability, Devices Still Vulnerable Months After NSA Disclosure

Executive Summary

The security provider Akamai has identified that less than 1% of visible devices in data centres have been patched for a Microsoft CryptoAPI spoofing vulnerability (CVE-2022-34689), despite NSA disclosure and a publicly released patch by Microsoft in October 2022. In addition, Akamai has created a proof of concept showing how this vulnerability can be exploited.

What’s the risk to me or my business?

Successful exploitation of this vulnerability could allow an attacker to spoof their identity and perform actions such as authentication or code signing as a targeted certificate. If you do not use applications with end-certificate caching, you are not vulnerable to this attack. At this time, the provided proof of concept is only applicable if the attacker has the ability to generate a certificate from the targeted infrastructure, and if the targeted webpage or application is accessed using Chrome v48 (released on 25 January 2016) or earlier.

What can I do?

Patch your Windows endpoints and servers with the latest security patches provided by Microsoft. This vulnerability was addressed as part of the October 2022 Patch Tuesday.

Further information on the vulnerability can be found here: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-34689

Akamai’s report can be found here: https://www.akamai.com/blog/security-research/exploiting-critical-spoofing-vulnerability-microsoft-cryptoapi
