The CryptoAPI vulnerability has been given a second life and most Windows-based data center systems and applications still remain vulnerable.
We are talking about the bug CVE-2022-34689, which was revealed last year by the NSA and the British NCSC, after Microsoft fixed it without too much hype.
The bug closed in August 2022, although it was marked as critical, but received a CVSS rating of only 7.5 out of 10 from Microsoft.
The thing is that the problem may have been used by specially trained actors, but quite quietly and locally.
However, experts from Akamai added fuel to the fire by publishing a PoC exploit, which seriously excited Microsoft, which will now have to reconsider its conclusions.
Recall that CryptoAPI helps developers protect Windows applications using cryptography, and the API can be used, for example, to verify certificates and identification.
The vulnerability itself can be used by attackers to digitally sign malicious executable files in such a way that Windows and applications believe that the files are obtained from reliable and legitimate sources and can be opened or installed.
The PoC demo works with an old version of Chrome for Windows that uses CryptoAPI to validate certificates. When implementing a MITM attack, you can make the browser think that it is communicating with a legitimate server for an HTTPS website, but in fact a malicious fake is being used.
Akamai claims that the vast majority of public Windows-based servers in data centers around the world that she studied have not been fixed, but notes that in order for the error to be used in practice, an application or service using CryptoAPI must be running on the device in such a way that it can be spoofed.
At the moment, experts have discovered that old versions of Chrome (v48 and earlier) and Chromium-based applications can be hacked.