Exploit released for critical Windows CryptoAPI spoofing bug
Proof of concept exploit code has been released by Akamai researchers for a critical Windows CryptoAPI vulnerability discovered by the NSA and U.K.'s NCSC allowing MD5-collision certificate spoofing.

Tracked as CVE-2022-34689, this security flaw was addressed with security updates released in August 2022, but Microsoft only made this public in October, when the advisory was first published.

"An attacker could manipulate an existing public x.509 certificate to spoof their identity and perform actions such as authentication or code signing as the targeted certificate," Microsoft explains.

Unauthenticated attackers can exploit this bug (tagged by Redmond as critical severity) in low-complexity attacks.

Today, security researchers with the Akamai cloud security firm have published a proof of concept (PoC) exploit and shared an OSQuery to help defenders detect CryptoAPI library versions vulnerable to attacks.

"We have s...