all InfoSec news
Micropatches For Windows CryptoAPI Spoofing (CVE-2022-34689)
Malware Analysis, News and Indicators - Latest topics malware.news
August 2022 Windows Updates* brought a fix for CVE-2022-34689, a vulnerability in Windows CryptoAPI that allows an attacker to trick some Windows applications - depending on their use of CryptoAPI certificate caching - into accepting a fraudulent certificate. The vulnerability was reported to Microsoft by UK NCSC and the NSA, but subsequently Tomer Peled and Yoni Rozenshein of Akamai reverse engineered Microsoft's patch and provided a detailed analysis with a proof-of-concept.
(* While Microsoft published this information in …
akamai analysis applications august certificate concept cryptoapi cve cve-2022-34689 fix fraudulent microsoft ncsc nsa patch proof-of-concept reverse spoofing uk ncsc updates vulnerability windows windows updates