Proof of concept exploit code has been released by Akamai researchers for a critical Windows CryptoAPI vulnerability discovered by the NSA and U.K.'s NCSC allowing MD5-collision certificate spoofing.

The new Windows CryptoAPI CVE-2020-0601 vulnerability disclosed by the NSA can be abused by malware developers to sign their executables so that they appear to be from legitimate companies. This ...

Now Akamai has published proof-of-concept (PoC) code that shows how exploitation works, employing an old version of the Chrome web browser (v48) which uses CryptoAPI to check certificate legitimacy.

In 2022, the National Security Agency, in conjunction with the U.K’s National Cyber Security Centre, reported a critical vulnerability in the Windows CryptoAPI to Microsoft. While this was ...

A bug in the Windows CryptoAPI is still unpatched on most data centre systems. Security researchers from Akamai said that the bug was discovered and fixed by Microsoft in August 2022, but 99 ...

I'm trying to implement decryption of data in a .Net app that was encrypted via Win32 CryptoAPI (wincrypt). A lot of it has been hit or miss for me, since I'm a native C/C++ dev that gets to play ...

The Windows 10 CryptoAPI vulnerability reported by the NSA gets named "curveball" Three days is a long time in cybersecurity. It was only three days ago that I wrote an article " New Windows 10 ...

Time to Patch Anne Neuberger CERT Coordination Center CERT-CC crypt32.dll microsoft Microsoft CryptoAPI national security agency nsa Patch Tuesday January 2020 Will Dormann windows ...

The CVE-2020-0601 bug The vulnerability, tracked as CVE-2020-0601, impacts the Windows CryptoAPI, a core component of the Windows operating system that handles cryptographic operations.

Time to Patch Anne Neuberger CERT Coordination Center CERT-CC crypt32.dll microsoft Microsoft CryptoAPI national security agency nsa Patch Tuesday January 2020 Will Dormann windows Post navigation ...