Proof-of-Concept Exploit Code Released for Critical Cryptographic Flaw in Windows 10
The US National Security Agency (NSA) has deemed a cryptographic flaw it found in Windows 10 so critical that it took the unusual step of disclosing the flaw itself. The flaw could be exploited to spoof code signing certificates. The issue also affects Windows Server 2016 and 2019 and "applications that rely on Windows for trust functionality." The Department of Homeland Security's (DHS's) Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive instructing federal agencies to patch the issue by January 29. Proof-of-concept exploit code for the vulnerability has been released.
SANS created a test site at https://curveballtest.com. The site also offers a benign executable that was signed with an exploit signature. Use it to test your defenses. Many end point protection products and even Chrome have added rules to detect bad signatures, possibly protecting you even if you are not yet patched.
Read more in
SC Magazine: NSA reveals to Microsoft critical Windows 10 flaw
Dark Reading: Microsoft Patches Windows Vuln Discovered by the NSA
Threatpost: PoC Exploits Published For Microsoft Crypto Bug