NSA and UK’s equivalent authority NCSC has discovered an exploit in Windows(mostly for servers and not personal computer users) that could be used to install malware or add a phishing page to your web browser. The discovery was made for an exploit code that was released by Akamai researchers and was critical for a critical Windows CryptoAPI vulnerability.
This means more scrutiny and work for Windows server administrators. They may have to spend more time patching up the exploit before things take a turn for the worst.
A closer look at the Spoofing Bug
The security flaw is tracked as CVE-2022-34689 and it was addressed with a patch in August 2022 but Microsoft publicly acknowledged it in October of the same year.
An attacker could make manipulations in an existing x.509 certificates to spoof their identity. Then they could use this to authenticate or code signing as the targeted certificate, as reported by MSRC.
Who are affected?
Akamai in their report, the researchers have said that applications using the CryptoAPI could be vulnerable to this spoofing attack. They have found Chrome (v48 and earlier) and Chromium-based applications to be at risk of being exploited.
They further added that less than 1% of visible devices at data centers are patched, and the rest are still vulnerable to the exploit.
This opens vulnerability to servers running Windows 7 and may warrant a security update. Developers are being advised to use other WinAPIs to confirm the certificate validity before using it.
What is Windows CryptoAPI spoofing flaw?
Windows CryptoAPI is a set of cryptographic application programming interfaces (APIs) included in the Microsoft Windows operating system. A spoofing flaw in the CryptoAPI allows an attacker to create a fraudulent digital certificate that appears to be legitimate.
This can be used to trick users into installing malware or visiting phishing websites that are made to look like legitimate sites. The vulnerability can also be used to bypass security features such as code signing and secure boot. Microsoft has released updates to address the vulnerability in the past but new exploits keep making their way.