[Cryptography] Windows security leads to 0-day in Windows security
Stephan Neuhaus
stephan.neuhaus at zhaw.ch
Mon Nov 2 04:00:42 EST 2020
On 10/31/20 4:59 AM, Peter Gutmann wrote:
> I'm always amused to see security components used to break security. This
> time it's Windows' CNG, a.k.a. Cryptography API: Next Generation, which has an
> 0-day in it that affects every version of Windows back to Windows 7:
>
> https://bugs.chromium.org/p/project-zero/issues/detail?id=2104
>
> It's at the kernel level, and being exploited in the wild. Very unsporting of
> the attackers to ignore the "security line, do not cross" tape and attack
> there anyway.
It seems strange to me that one of the better C/C++ compilers out there
(Visual Studio) wouldn't see the potential for an integer overflow here.
(To be sure, it's UNSIGNED integer overflow, which is at least not
undefined behaviour. That might in fact be part of the problem here.)
Also, it seems to me that fuzzing would have found this problem rather
quickly. It's a very odd bug to have survived apparently since Win7.
Do you have any insights on how this bug remained in the code base for
so long, and why none of the (reportedly excellent) static analysis
components of Visual Studio have alerted to it?
Fun
Stephan
PS: Windows has ioctls? I'd always thought they were a Unix specialty.
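The unsigned-wraparound pattern discussed above, as an added example that is not part of the original thread and is not the cng.sys code: a made-up ioctl-style size computation (the struct, the field names, the `HEADER_SIZE` constant and the 256 MiB sanity limit are all assumptions) in which `count * entry_size + HEADER_SIZE` wraps modulo 2^32, slips past a size check that looks at the wrapped value, and yields an undersized allocation, placed beside the overflow-checked version.

```c
/* Added example, not the original post's or Microsoft's code.
 * Generic ioctl-style length computation showing how unsigned wraparound,
 * although well-defined in C, silently produces an undersized allocation.
 * Names, layout and limits are made up for illustration. */
#include <stdint.h>
#include <limits.h>

/* Hypothetical ioctl input buffer: both fields are attacker-controlled. */
struct ioctl_request {
    uint32_t count;       /* number of entries that follow */
    uint32_t entry_size;  /* size of each entry in bytes */
};

#define HEADER_SIZE 16u            /* assumed fixed header in the output buffer */
#define MAX_REQUEST 0x10000000u    /* assumed 256 MiB sanity limit */

/* Vulnerable: the product and the sum are computed in uint32_t and wrap.
 * A wrapped value such as 32 passes the sanity check with ease.
 * Returns the allocation size the handler would use, or 0 if rejected. */
uint32_t vulnerable_alloc_size(const struct ioctl_request *req)
{
    uint32_t total = req->count * req->entry_size + HEADER_SIZE; /* wraps */
    if (total > MAX_REQUEST)      /* checks the already-wrapped value */
        return 0;
    return total;
}

/* How many bytes the handler would actually go on to copy for this request,
 * computed without wrapping, so the shortfall can be seen. */
uint64_t actual_payload_bytes(const struct ioctl_request *req)
{
    return (uint64_t)req->count * req->entry_size + HEADER_SIZE;
}

/* Hardened: reject before either arithmetic step can wrap, using the
 * portable a > MAX / b idiom so the code does not rely on compiler builtins.
 * Returns 1 and writes *out on success, 0 if the request is rejected. */
int checked_alloc_size(const struct ioctl_request *req, uint32_t *out)
{
    uint32_t body;

    if (req->entry_size != 0 && req->count > UINT32_MAX / req->entry_size)
        return 0;                           /* multiplication would wrap */
    body = req->count * req->entry_size;

    if (body > UINT32_MAX - HEADER_SIZE)
        return 0;                           /* addition would wrap */
    *out = body + HEADER_SIZE;

    if (*out > MAX_REQUEST)
        return 0;                           /* sanity limit, now meaningful */
    return 1;
}
```

With `count = 0x10000001` and `entry_size = 0x10` the vulnerable path allocates 32 bytes while the handler believes it is processing about 4 GiB of entries; the checked path rejects the same request at the multiplication step. Because unsigned wraparound is defined behaviour, a plain `-fsanitize=undefined` build does not flag the first function; clang's separate `-fsanitize=unsigned-integer-overflow` check does, which is one reason such bugs can sit unnoticed in code that is otherwise sanitizer-clean.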