  • Is your system susceptible to a ChainOfFools/CurveBall CVE-2020-0601 attack?

    Posted on January 17th, 2020 at 08:19 by woody

    There’s a simple SANS test to see if your particular browser, running on your particular machine, is susceptible. That doesn’t cover all possibilities, but it’s certainly indicative.

    Detailed discussion in Computerworld Woody on Windows.

    We’re still at MS-DEFCON 2. Unless your system, specifically, triggers a “You Are Vulnerable” warning in the SANS test, I recommend that you wait to patch.

    UPDATE: Some scary stuff from Benjamin Delpy, @gentilkiwi. He’s come up with a scenario where a malicious Word VBA macro can run, if you set VBA to “Disable all macros except digitally signed” and your machine has cached the Microsoft ECC Product Root Certificate Authority 2018 cert. His example requires you to manually activate the macro – but it’s still scary.

    UPDATE: Lawrence Abrams at BleepingComputer has a detailed account of various devious methods that bypass normal certificate validation, thanks to CVE-2020-0601.