[Cryptography] Windows security leads to 0-day in Windows security
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Oct 30 23:59:20 EDT 2020
I'm always amused to see security components used to break security. This
time it's Window's CNG, a.k.a. Cryptography API: Next Generation, which has an
0-day in it that affects every version of Windows back to Windows 7:
https://bugs.chromium.org/p/project-zero/issues/detail?id=2104
It's at the kernel level, and being exploited in the wild. Very unsporting of
the attackers to ignore the "security line, do not cross" tape and attack
there anyway.
Peter.
More information about the cryptography
mailing list