Brian Jackson - Fotolia

NSA reports flaw in Windows cryptography core

Microsoft patched a critical vulnerability in how Windows validates cryptographic certificates that could lead to dangerous attacks, according to experts, and was originally reported by the NSA.

After years of criticism from the infosec community about hoarding critical vulnerabilities, the National Security Agency may be changing course.

The highlight of Microsoft's first Patch Tuesday of 2020 is a vulnerability in the Windows cryptography core first reported to vendor by the NSA. The flaw in CryptoAPI DLL (CVE-2020-0601) affects Windows 10 and Windows Server 2016 and 2019. According to Microsoft's description, an attacker could exploit how Windows validates ECC certificates in order to launch spoofing attacks.

The NSA gave a more robust description in its advisory, noting that the Windows cryptography flaw also affects "applications that rely on Windows for trust functionality," and specifically impacts HTTPS connections, signed files and emails and signed executable code.

"Exploitation of the vulnerability allows attackers to defeat trusted network connections and deliver executable code while appearing as legitimately trusted entities," NSA wrote in its advisory. "NSA assesses the vulnerability to be severe and that sophisticated cyber actors will understand the underlying flaw very quickly and, if exploited, would render the previously mentioned platforms as fundamentally vulnerable. The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available."

Will Dormann, vulnerability analyst at the CERT Coordination Center, confirmed the issue also affects X.509 certificates, meaning an attacker could spoof a certificate chain to a trusted root certificate authority and potentially intercept or modify TLS-encrypted communication.

Johannes Ullrich, fellow at the SANS Internet Storm Center, said the flaw is especially noteworthy because "the affected library is a core component of the Windows operating systems. Pretty much all software doing any kind of cryptography uses it."

"The flaw is dangerous in that it allows an attacker to impersonate trusted websites and trusted software publishers. Digital signatures are used everywhere to protect the integrity and the authenticity of software, web pages and, in some cases, email," Ullrich told SearchSecurity. "This flaw could be used to trick a user into installing malicious software. Most endpoint protection products will inspect the digital signature of software the user installs, and consider software created by trusted organizations as harmless. Using this flaw, an attacker would be able attach a signature claiming that the software was created by a trusted entity."

However, Craig Young, computer security researcher for Tripwire's vulnerability and exposure research team, said the impact of this Windows cryptography vulnerability might be more limited to enterprises and "most individuals don't need to lose sleep over this attack just yet."

"The primary attack vectors most people would care about are HTTPS session compromise malware with spoofed authenticode signatures. The attack against HTTPS however requires that the attacker can insert themselves on the network between the client and server. This mostly limits the attack to nation-state adversaries," Young told SearchSecurity. "The real risk is more likely to enterprises where a nation state attacker may be motivated to carry out an attack. The worst-case scenario would be that a hostile or compromised network operator is used to replace legitimate executable content from an HTTPS session with malicious binaries having a spoofed signature."

Beyond patching, NSA suggested network prevention and detection techniques to inspect certificates outside of Windows cryptography validation.

"Some enterprises route traffic through existing proxy devices that perform TLS inspection, but do not use Windows for certificate validation. The devices can help isolate vulnerable endpoints behind the proxies while the endpoints are being patched," NSA wrote. "Properly configured and managed TLS inspection proxies independently validate TLS certificates from external entities and will reject invalid or untrusted certificates, protecting endpoints from certificates that attempt to exploit the vulnerabilities. Ensure that certificate validation is enabled for TLS proxies to limit exposure to this class of vulnerabilities and review logs for signs of exploitation."

NSA takes credit

Infosec experts credited the NSA for not only reporting the Windows cryptography flaw but also providing detailed insight and advice about the threat. Chris Morales, head of security analytics at Vectra, based in San Jose, Calif., praised the NSA for recommending "leveraging network detection to identify malicious certificates."

"I think they did a great job of being concise and clear on both the problem and recommended courses of action," Morales told SearchSecurity. "Of course, it would be great if the NSA did more of this, but it is not their normal job and I wouldn't expect them to be accountable for doing a vendor job. Relying on the vendor for notification of security events will always be important."

Young also commended the NSA's advisory for being very helpful and providing "useful insights which are not included in either the CERT/CC note or the Microsoft advisory."

The NSA is designated as the Executive Secretariat of the government's Vulnerabilities Equities Process (VEP), designed to organize the process of determining what vulnerabilities found by federal agencies would be kept secret and which would be disclosed. However, the NSA has consistently received criticism from experts that it keeps too many vulnerabilities secret and should disclose more in order to help protect the public. In recent years, this criticism was loudest when leaked NSA cyberweapons were used in widespread WannaCry attacks.

The NSA advisory for the Windows cryptography flaw is rare for the agency, which has been more open with warnings about potential threats but hasn't been known to share more technical analysis.

Also making this vulnerability an outlier is that the NSA was given attribution in Microsoft's patch acknowledgements section. Anne Neuberger, deputy national manager at the NSA, said on a call with news media Tuesday that this wasn't the first vulnerability the NSA has reported to Microsoft, but it does mark the first time the agency accepted attribution.

Infosec journalist Brian Krebs, who broke the story of the Windows cryptography patch on Monday, claimed sources told him this disclosure may mark the beginning of a new initiative at NSA to make more vulnerability research available to vendors and the public.

NSA did not respond to requests for comment at the time of this writing.

Dig Deeper on Application and platform security