Two proofs-of-concept (PoC) exploits have been publicly released for the recently-patched crypto-spoofing vulnerability found by the National Security Agency and reported to Microsoft. The vulnerability (CVE-2020-0601) could enable an attacker to spoof a code-signing certificate (necessary for validating executable programs in Windows) in order to make it appear like an application was from a trusted source. The flaw made headlines when it was disclosed earlier this week as part of Microsoft’s January Patch Tuesday security bulletin. It marked the first time the NSA had ever publicly reported a bug to Microsoft. The two PoC exploits were published to GitHub on Thursday. Either could potentially allow an attacker to launch MitM (man-in-the-middle) attacks – allowing an adversary to spoof signatures for files and emails and fake signed-executable code inside programs that are launched inside Windows. One PoC exploit was released by Kudelski Security and the other by a security researcher under the alias “Ollypwn”. According to Microsoft’s advisory, the spoofing vulnerability exists in the way Windows CryptoAPI (Microsoft’s API that enables developers to secure Windows-based applications using cryptography) validates Elliptic Curve Cryptography (ECC) certificates. Kudelski Security in a blog post said they launched the PoC using a “curve P384” certificate, which uses ECC (specifically, the USERTrust ECC Certificate Authority). Researchers were able to craft a key used to sign the “curve P384” certificate with an arbitrary domain name. This certificate would subsequently be recognized by Windows’ CryptoAPI as trusted. Another similar PoC exploit was publicly released by Denmark-based security expert “Ollypwn.” “When Windows checks whether the certificate is trusted, it’ll see that it has been signed by our spoofed CA,” said “Ollypwn” in a write up of his PoC exploit. “It then looks at the spoofed CA’s public key to check against trusted CA’s. Then it simply verifies the signature of our spoofed CA with the spoofed CA’s generator – this is the issue.” A third PoC exploit was developed by security expert Saleem Rashid; who said on Twitter, Wednesday, that the PoC allowed him to fake TLS certificates and set up sites that look like legitimate ones. However, Rashid did not make his PoC exploit code public. To read the warnings, and more please visit OUR FORUM.

Microsoft has ended official support for Windows 7 on January 14 — 11 years after it first launched to rave reviews. Although Windows 10 eventually managed to overtake Windows 7's market share, many businesses and even home users continue to use Windows 7 despite Microsoft constantly urging them to upgrade. After January 14, Windows 7 users won't be getting any free support including any security updates. While your PC won't automagically stop working after January 14, not having timely security updates can comprise your online life. As we have seen with Windows XP, businesses reluctant to upgrade are used to paying hefty support fees to Microsoft after the official support period. A similar process is likely to be seen with Windows 7 as well. Enterprises have to enroll for Extended Security Updates (ESUs) in order to receive patches for vulnerabilities that may allow the spread of malware such as ransomware. If for some reason you wish to cling onto Windows 7, here's a neat hack developed by My Digital Life (MDL) forums veteran abbodi1406 to trick Microsoft into bypassing eligibility checks for Extended Security Updates. Then, register yourself on the MDL forums. Download the tool and install it. After installing the tool, fire-up Windows Update and see if it downloads the KB4528069 test update. If it does, your PC is now eligible to receive Microsoft's ESU that are otherwise only available to business users. The author notes that unlike conventional updates, ESUs have to be installed live via Windows Update only and cannot be installed offline or integrated into your Windows image via DISM. Eligibility for ESU is checked only once during the first ESU download. Therefore, you can remove the tool once eligibility is confirmed and you are able to download the aforementioned test update. However, do remember that the tool is still a prototype and any change in Microsoft's policies towards servicing ESUs may break the hack so, you will have to keep an eye on the thread for any updates to the tool. Follow this thread on OUR FORUM.