A serious issue in the way Windows handles digital certificates.
Here's a quick mathematical explanation of the issue:
The bug exploits crypt32.dll signature verification on elliptic curve. crypt32.dll only checks for matching public key and parameters, but not the generator G.
The private key is d = [1, n - 1], where n is the order of the curve.
The public key is Q = dG.
The generator G is defined for each curve, but the bug allows you to specify your own generator.
This description comes from a GitHub repository where you can try this for yourself.
On Twitter there is also an explanation for people with zero crypto knowledge.
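To make the math above concrete, here is an added Python illustration (not code from the linked repository or from this post) of why a comparison that skips G is insufficient and what the stricter comparison looks like. Everything in it is an assumption made for the example: the toy curve over F_17, the function names, and the constructed private keys 7 and 5.

```python
# Toy curve y^2 = x^3 + 2x + 2 over F_17 with base point G = (5, 1) of prime
# order n = 19. Constructed for illustration; not a curve used in certificates.
P, A, B = 17, 2, 2
G, N = (5, 1), 19

def add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def key_params(d, gen):
    """Public key Q = d * gen together with the curve parameters it claims."""
    return {"Q": mul(d, gen), "p": P, "a": A, "b": B, "n": N, "G": gen}

def matches_flawed(presented, trusted):
    # Compares public key and parameters but never looks at G.
    return all(presented[k] == trusted[k] for k in ("Q", "p", "a", "b", "n"))

def matches_strict(presented, trusted):
    # Same comparison, plus the generator must be the trusted curve's G.
    return matches_flawed(presented, trusted) and presented["G"] == trusted["G"]

trusted = key_params(7, G)                   # constructed CA key, d = 7
d2 = 5                                       # constructed second private key
g2 = mul(pow(d2, -1, N), trusted["Q"])       # generator chosen so d2 * g2 = Q
lookalike = key_params(d2, g2)

if __name__ == "__main__":
    print("same Q:", lookalike["Q"] == trusted["Q"], "same G:", g2 == G)
    print("flawed check:", matches_flawed(lookalike, trusted))
    print("strict check:", matches_strict(lookalike, trusted))
```

The two keys share Q but not G, so only the comparison that includes the generator tells them apart.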
So the Windows library is incapable of doing signature verification. In less technical terms, it means that you can forego a valid signature on digital certificates. These signatures verify the truth as it's presented in the certificate. For example, the certificate for quovadis.nl is SIGNED by Quovadis. Without this signature, the certificate is not valid. I can create my own certificate for quovadis.nl, but nobody would accept it.
As it turns out, the issue as described above makes it possible to present a certificate with an invalid signature. And Windows will happily accept it! Attached is an example for GitHub.com, the well-known Microsoft service for software development.
Another example makes it possible to fake the digital signature on executable files. I could present you with a calc.exe that is supposedly signed by Microsoft. Our virus scanners, firewalls and other systems would happily let you download this file: the signature verification on those systems, if Windows based, is broken as well. An example is in the same repository.
This is a huge problem. Any virus scanner, firewall, load balancer, Zscaler, proxy or any other security device that is Windows based (and this includes all workstations) is seriously vulnerable to spoofed digital signatures.
The first proof-of-concepts can already be seen in the wild and it will take no time for people to actively start to exploit this.
We don't need to be hacked to suffer from this. We also don't need to be involved to suffer the consequences of this issue. For example, it would be possible for an attacker to spoof the organisation's website (as we have seen before in phishing attempts) but include an Extended Validation certificate that Windows will accept. This is bad. Worse, our own workstations are vulnerable as well.
I can only urge you to patch any and all Windows systems right away.
More sources below:
- https://github.com/ollypwn/cve-2020-0601
- https://twitter.com/kennwhite/status/1217186865016602632
- https://nvd.nist.gov/vuln/detail/CVE-2020-0601
- https://msrc-blog.microsoft.com/2020/01/14/january-2020-security-updates-cve-2020-0601/
- https://www.emerce.nl/wire/microsoft-windows-cryptoapi-spoofingkwetsbaarheid-cve20200601-opsporen-herstellen
- https://www.ncsc.nl/actueel/nieuws/2020/januari/14/installeer-patches-van-microsoft-voor-cryptoapi-en-rdp-gateway
- https://gist.github.com/SwitHak/62fa7f8df378cae3a459670e3a18742d
- https://twitter.com/CiPHPerCoder/status/1217513543664316416
- https://github.com/kudelskisecurity/chainoffools
- https://twitter.com/matthew_d_green/status/1217246161440051200?s=20