[Cryptography] Windows security leads to 0-day in Windows security

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Oct 30 23:59:20 EDT 2020

I'm always amused to see security components used to break security.  This
time it's Window's CNG, a.k.a. Cryptography API: Next Generation, which has an
0-day in it that affects every version of Windows back to Windows 7:


It's at the kernel level, and being exploited in the wild.  Very unsporting of
the attackers to ignore the "security line, do not cross" tape and attack
there anyway.


More information about the cryptography mailing list