Researchers with Akami have released a proof of concept (PoC) exploit for a critical Windows CryptoAPI bug that was made public by Microsoft last October.
The vulnerability was initially found by the UK’s NSC and the US NSA earlier last year. Tracked as CVE-2022-34689, the problem was reported to Microsoft and the company issued a fix in a security update in August 2022.
However, Microsoft did not disclose the vulnerability publicly until October. This delay was likely to give customers time to update to combat the critical flaw before it was public. In that October announcement, Microsoft provides the following information:
“An attacker could manipulate an existing public x.509 certificate to spoof their identity and perform actions such as authentication or code signing as the targeted certificate,” Microsoft explains.
The company also revealed that an exploit would allow a low complexity attack, which is why the flaw was tagged as critical.
PoC Exploit
Cloud security firm Akami has now posted a proof of concept (PoC) exploit and shared an OSQuery that will aid security reams in detecting vulnerable CryptoAPI library versions.
“We have searched for applications in the wild that use CryptoAPI in a way that is vulnerable to this spoofing attack. So far, we found that old versions of Chrome (v48 and earlier) and Chromium-based applications can be exploited.
“We believe there are more vulnerable targets in the wild and our research is still ongoing. We found that fewer than 1% of visible devices in data centers are patched, rendering the rest unprotected from exploitation of this vulnerability.”
A successful attack using the CVE-2022-34689 exploit would allow the threat actor to conduct attacks and access information on an infected machine.
“There is still a lot of code that uses this API and might be exposed to this vulnerability, warranting a patch even for discontinued versions of Windows, like Windows 7. We advise you to patch your Windows servers and endpoints with the latest security patch released by Microsoft,” Akamai adds.
“For developers, another option to mitigate this vulnerability is to use other WinAPIs to double-check the validity of a certificate before using it, such as CertVerifyCertificateChainPolicy. Keep in mind that applications that do not use end-certificate caching are not vulnerable.”
Tip of the day: If you need to Create, Delete or Resize Partitions, Windows has everything you thanks to the built-in Disk Management-tool.
