Kudelski Security’s Francisco Donoso, Director – Global Security Strategy, provides a brief webcast overview of CurveBall, the Microsoft Windows cryptographic API vulnerability. 

Today, we’ll be talking about CurveBall, a Microsoft Windows cryptographic API vulnerability. We’ll give you a brief overview of CurveBall, as the vulnerability is called, and talk a little bit about the potential impact and what you can do to remediate and detect.

First things first: CurveBall impacts Windows 10, Windows Server 2016 and Windows Server 2019. The reason that these operating systems are impacted is because they support new versions of Elliptic Curve Cryptography. ECC, as it’s called, is just another signature algorithm similar to RSA that’s faster and more efficient than RSA. With ECC you can have smaller key sizes that are effectively as secure as larger RSA keys and thus they’re really valuable for fast, speedy encrypted communication.

The vulnerability exists because Microsoft now supports what are called non-standard curves, which allow attackers to spoof certificates that Microsoft Windows would consider valid even though they are not. Because of this, CurveBall can allow attackers to spoof HTTPS certificates. That means that an attacker in a privileged network position who can capture your client’s traffic could potentially spoof a certificate using one of these non-standard curves and intercept that traffic, potentially modify it and potentially introduce other traffic into that supposedly secure stream. Additionally, this allows attackers to spoof what are called code signing certificates, which are intended to protect machines by application whitelisting. Several application whitelisting solutions allow organizations to prevent non-signed binaries or code from running on their machines. Additionally, there are several cryptographic protections that Microsoft Windows requires for security purposes to be signed either by Microsoft itself or a trusted developer.

Leveraging this vulnerability, an attacker could potentially run malicious code on a system that should not have been run. Now Kudelski Security and our research team have released a proof of concept exploit. Here you can see that we’ve been able to spoof a certificate that’s considered valid for GitHub.com, even though this is hosted on a Kudelski Security site. This is a real-world example of the potential impact of the CurveBall vulnerability.

So again, this exists because Windows fails to properly validate elliptic curve cryptography certificates, which allows an attacker to spoof those certificates to intercept HTTPS or TLS traffic or potentially run malicious code on a system that requires binaries to be run. Kudelski Security has released a proof of concept exploit and published a detailed blog on the topic, for those of you who are interested.

Now talking a little bit about detection and response, Microsoft, in coordination with the U.S. National Security Agency, released a patch for this vulnerability on January 14, 2020. Everyone should apply that patch as soon as possible. From a detection perspective, the new patch actually introduces a new application event logged by Windows computers with a source of Microsoft Windows Audit CVE. For those of you who are looking to detect potential exploitation of this vulnerability, once a system has been patched, you’ll be able to centrally collect these potential logs and identify an attempt to exploit this vulnerability. Just a quick note that this event will only be written once the patch has been applied to the impacted computer. Finally, it’s also possible to detect potential tampering or TLS certificate spoofing by monitoring TLS handshakes using a system like an intrusion detection system or other network monitoring solutions. There are several signatures that vendors have released and if you’re interested, our blog posts also cover some more additional details.

Finally, I just want to remind everyone that while this vulnerability is highly impactful, it’s not the end of the world. Windows updates, which are used to deliver secure code and patches to all of these Windows machines, are not impacted. They actually use a separate algorithm, RSA, and Microsoft has embedded the full certificate chain in Windows to validate that they’ve been properly signed by Microsoft. That limits the potential impact. Additionally, Microsoft released several critical severity vulnerabilities in remote desktop gateways that we recommend clients prioritize, since those are much more likely to be exploited by unsophisticated attackers in the next few days.

Read the proof of concept here: https://research.kudelskisecurity.com/2020/01/15/cve-2020-0601-the-chainoffools-attack-explained-with-poc/

Read the security advisory here: https://modernciso.com/2020/01/16/security-advisory-multiple-critical-vulnerabilities-on-windows-systems/

Francisco Donoso
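
The post-patch detection described in the webcast (centrally collecting the new Audit CVE application event) can be sketched as follows. This is an added example, not part of the webcast or Kudelski Security's own code. The provider string `Microsoft-Windows-Audit-CVE`, the event ID, the `CVEID` and `AdditionalDetails` field names, and every sample event are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}
PROVIDER = "Microsoft-Windows-Audit-CVE"  # assumed exact provider string
CVE_ID = "CVE-2020-0601"                  # CurveBall, as named in the PoC link on this page

def make_event(provider, computer, cve_field, details):
    """Build a constructed event in the Windows event XML layout (not a real log)."""
    return (f'<Event xmlns="{EVT_NS}"><System><Provider Name="{provider}"/>'
            f"<EventID>1</EventID><Computer>{computer}</Computer></System>"
            f'<EventData><Data Name="CVEID">{cve_field}</Data>'
            f'<Data Name="AdditionalDetails">{details}</Data></EventData></Event>')

# Constructed sample input: one hit, one other provider, one other CVE, one truncated record.
SAMPLE_EVENTS = [
    make_event(PROVIDER, "ws-01.example.test", "[CVE-2020-0601] cert validation",
               "CA: Constructed Test CA"),
    make_event("Example-Other-Provider", "ws-02.example.test", "", "unrelated"),
    make_event(PROVIDER, "ws-03.example.test", "[CVE-0000-0000] placeholder", "n/a"),
    make_event(PROVIDER, "ws-04.example.test", "[CVE-2020-0601] cert validation", "x")[:80],
]

def find_spoof_attempts(xml_events):
    """Return (hits, unparsed_count) for events reporting a CVE-2020-0601 attempt."""
    hits, unparsed = [], 0
    for raw in xml_events:
        try:
            root = ET.fromstring(raw)
        except ET.ParseError:
            unparsed += 1  # corrupt or truncated export: count it, do not drop silently
            continue
        provider = root.find("e:System/e:Provider", NS)
        if provider is None or provider.get("Name") != PROVIDER:
            continue
        data = {d.get("Name"): d.text or "" for d in root.findall("e:EventData/e:Data", NS)}
        if CVE_ID not in data.get("CVEID", ""):
            continue
        hits.append({
            "computer": root.findtext("e:System/e:Computer", default="", namespaces=NS),
            "details": data.get("AdditionalDetails", ""),
        })
    return hits, unparsed

if __name__ == "__main__":
    found, bad = find_spoof_attempts(SAMPLE_EVENTS)
    for hit in found:
        print(f"possible CurveBall spoof attempt on {hit['computer']}: {hit['details']}")
    print(f"{bad} record(s) could not be parsed")
```

Because the event is only written on patched hosts, an empty result from an unpatched machine says nothing about whether spoofed certificates were presented to it.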