News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon
  • Is your system susceptible to a ChainOfFools/CurveBall CVE-2020-0601 attack?

    Home Forums AskWoody blog Is your system susceptible to a ChainOfFools/CurveBall CVE-2020-0601 attack?

    This topic contains 92 replies, has 43 voices, and was last updated by  anonymous 3 weeks, 5 days ago.

    • Author
      Posts
    • #2086216 Reply

      woody
      Da Boss

      There’s a simple SANS test to see if your particular browser, running on your particular machine, is susceptible. That doesn’t cover all possibilities
      [See the full post at: Is your system susceptible to a ChainOfFools/CurveBall CVE-2020-0601 attack?]

      6 users thanked author for this post.
    • #2086221 Reply

      abbodi86
      AskWoody_MVP

      Legacy Opera 12.18 is semi-vulnerable

      if you rejected the certificate, then all is good
      if you accept it, you are hooked

      the warning is fair 🙂

      3 users thanked author for this post.
    • #2086243 Reply

      zero2dash
      AskWoody Lounger

      Looks like another good reason to use Firefox. :thumbup:

    • #2086244 Reply

      anonymous

      I’m running Firefox on Win 7 and never use IE. However some programs default to IE and it will open- when it does I immediately close it. It makes one consider testing IE on the site but…since my IE almost never gets past the homepage/splashscreen I prefer to wait until the defcon changes before worrying about it.

      -firemind

      • #2086293 Reply

        Ricard
        AskWoody Plus

        I just tested IE 11 on Windows 7, patched through November 2019, on the test page site and got a “NOT Vulnerable” result.

        Win 7 Pro, 64-Bit, Group B,Ivy Bridge i3-3110M, 2.4GHz, 4GB, XP Mode VM, WordPerfect
    • #2086246 Reply

      anonymous

      “My recommendation is that you install the January Patch Tuesday patches immediately only if you get a “You Are Vulnerable” response from the SANS test page. If you’re all clear, meh, stay out of the unpaid beta-testing pit and hold off on installing the January patches until we have a clearer picture of potential collateral damage.”

      This is good advice, however pretty much every enterprise organization is still using IE as default browser and Google Chrome does NOT update automatically all the time, putting countless of those users at risk too.  So pretty much everyone is vulnerable that is not a savvy-tech consumer reading this.

      • #2086315 Reply

        warrenrumak
        AskWoody Plus

        No, most organizations are definitely -not- using IE as a default.  Its usage is now under 5%.

         

    • #2086250 Reply

      Dalek
      AskWoody Plus

      I am seeing the message that “You Are Vulnerable” in SeaMonkey, Firefox and IE. Running Windows 10.

      3 users thanked author for this post.
      • #2086381 Reply

        woody
        Da Boss

        But not in Firefox, right?

        Firefox uses a different cert validation technique. As I understand it.

        • #2086932 Reply

          anonymous

          I get a “You Are Vulnerable” warning even though I’m using Firefox. I thought the vulnerability wasn’t supposed to apply to that browser. It even says that on the warning page the site gives me. Does the site happen to throw incorrect warnings if you actually do test it with Firefox or something? I’m not quite sure what gives here. And a warning to others who may get this too: you antivirus may block the site. But don’t get too worried though, that’s what its supposed to do. It’s just a sign your AV is doing its job, nothings wrong with the page.

          • #2087179 Reply

            bbearren
            AskWoody MVP

            Is your Firefox installation up to date running Version 72.0.1?  I am, and I’m not vulnerable.  I have Firefox set to allow updates automatically.

            Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
            "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
            "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

            1 user thanked author for this post.
            • #2087398 Reply

              anonymous

              Yes, its fully up to date with version 72.0.1. I constantly make sure its up to date. I’m considering updating Windows 10 in the near future but I’m hesitant to do so for all the obvious reasons. I’m no where near joining the Chicken Little crowd just yet, but Woody did say he thought people should patch if they got the “you are vulnerable” warning. I use Firefox for all my browsing and as far as i can tell its not supposed to be a target for this exploit, but I’m fully aware the vulnerability still exists on my machine until it gets patched. Also, as far as I can tell on the malware front everything that’s out there is proof of concept stuff and even the people hard at work trying to make this stuff work for them still have a bunch off hoops to jump through having to get their target to have a good certificate cached before they can do anything. I’m just going to keep being cautious with my web browsing ect. and stay tuned to see if there are any new developments before I decide to take the plunge and patch.

              1 user thanked author for this post.
    • #2086254 Reply

      BiltmoreLaker
      AskWoody Plus

      I mainly use Firefox, but occasionally use Brave. Firefox, as noted indicated my system was not vulnerable when going to the SANS test page, but Brave indicated it was vulnerable.

      I decided to apply the patch updates (after a full image backup). After doing so, and rebooting. Brave still indicated my system was vulnerable. Edge, however, said the system is safe.

      I checked the version of Brave I am using and it is Version 1.2.42 Chromium: 79.0.3945.117 (Official Build) (64-bit) and is noted as the latest version. Any thoughts on why Brave continues to indicate vulnerability?

      • #2086269 Reply

        anonymous

        >I decided to apply the patch updates (after a full image backup). After doing so, and rebooting. Brave still indicated my system was vulnerable
        Try clearing the site cache. That ought to do the trick.

        4 users thanked author for this post.
        • #2086401 Reply

          BiltmoreLaker
          AskWoody Plus

          Thanks! I updated a non-related software program that required another reboot prior to reading this. After checking again, Brave no longer indicates that I am vulnerable.

          I’m sure that following your suggestion would have fixed it immediately.

          1 user thanked author for this post.
    • #2086258 Reply

      G
      AskWoody Plus

      Just updated Chrome this morning and “test page” states “You are vulnerable”

      Google Chrome is up to date
      Version 79.0.3945.130 (Official Build) (64-bit)
      Win 10 1903 w/December updates installed
      2 users thanked author for this post.
      • #2086277 Reply

        CADesertRat
        AskWoody Plus

        That’s interesting, since I have the same Chrome version and I got “You are not vulnerable” on the test.

        Don't take yourself so seriously, no one else does 🙂
        4 Win 10 Pro all 1903 (3 Desktops, 1 Laptop).

        1 user thanked author for this post.
      • #2086281 Reply

        barcud
        AskWoody Plus

        Agreed @G. Patched chrome fails for me too! (Windows not patched 18363.535 (1909))
        (Firefox and Bluemoon are OK, But latest patched Vivaldi is susceptible.)

        • This reply was modified 1 month ago by  barcud. Reason: Added O/S
        1 user thanked author for this post.
    • #2086270 Reply

      weedacres
      AskWoody Plus

      Windows 10 Pro at v1903 current through December updates. I tested Firefox and get Not Vulnerable. I then tested Chrome and get You Are Vulnerable.

      Installed the 2020-01 Cumulative Update KB4528760 and still get You Are Vulnerable. Updated Chrome to Version 79.0.3945.130 and still get it.

      I don’t know if this means that KB4528760 doesn’t fix the exploit or that the test at https://curveballtest.com/index.html doesn’t really test for the exploit.

      Dave

      1 user thanked author for this post.
    • #2086279 Reply

      Dalek
      AskWoody Plus

      Installed the 2020-01 Cumulative Update and now Bitdefender will not allow me to open the test site.

    • #2086280 Reply

      Barry
      AskWoody Plus

      I think the test page looks pretty iffy. I show OK using chrome with a patched system but looking at the other comments makes me wonder how reliable this test is.

      Whats the big deal with installing the update? Its been 3 days since Patch Tuesday and i have not seen any problems reported. Usually by now especially on Ask Woody you would see all kinds of problems Posters are having.

       

      Barry (Seeker)
      Windows 10 Home V 1909

      1 user thanked author for this post.
      • #2086382 Reply

        woody
        Da Boss

        Good point. It has been three days, and other than installation headaches, I haven’t seen any big bugs either.

        Let’s see how the weekend goes.

    • #2086292 Reply

      davefox
      AskWoody Plus

      I’m running into some odd behavior.  I’ve patched several test machines and then loaded the curveball test page.  On all but one, the test now shows not vulnerable with both Vivaldi and Chrome.

      On one system, though, it shows vulnerable with Vivaldi, but not with Chrome.  All systems have the latest Vivaldi version and are running the same security software.  On the problem system, the January update shows as installed, and the crypt32.dll file shows a new timestamp.  Don’t know why Vivaldi would be showing vulnerable on this one system.

      1 user thanked author for this post.
    • #2086295 Reply

      Alex5723
      AskWoody Plus

      This morning my Chrome (80…) beta was vulnerable, now, Chrome Version 80.0.3987.53 (Official Build) beta (64-bit), is not.
      This SANS test of the browsers has nothing to do with patched or non-patched Windows 10 as it doesn’t check the for Jan. 2020 patches/Crypt.api. Patching with Jan. patch Tuesday won’t help your vulnerable browser to turn immune.

      • This reply was modified 1 month ago by  Alex5723.
      • This reply was modified 1 month ago by  Alex5723.
      1 user thanked author for this post.
      • #2086307 Reply

        Bluetrix
        AskWoody MVP

        There doesn’t seem to be a common denominator for pass/fail from the posts I’ve read here.

        I do not assume all testing sites are the same, so checking on several sites might be helpful.

        Please post the URL where your test was done.

        http://testcve.kudelskisecurity.com/

        • If you see “Hello World” on the next screen, you’re vulnerable to CVE-2020-0601
        • If you get a certificate error, you’re safe!

        I just tested at that site, all clear for me.

        cbtest

        Windows10 Home 1909  FF 69.0.3

        No 1-14-2020 updates

        • This reply was modified 1 month ago by  Bluetrix. Reason: add png
        • This reply was modified 1 month ago by  Bluetrix.
        Attachments:
        1 user thanked author for this post.
        • #2086313 Reply

          Alex5723
          AskWoody Plus

          Testing my Chrome beta on http://testcve.kudelskisecurity.com/. Got :

          Attachments:
          1 user thanked author for this post.
        • #2086387 Reply

          CADesertRat
          AskWoody Plus

          I also tested on your link with 1809 Pro and Chrome 79. Got the invalid cert. Only Dec patches no Jan patches.

          Don't take yourself so seriously, no one else does 🙂
          4 Win 10 Pro all 1903 (3 Desktops, 1 Laptop).

          1 user thanked author for this post.
        • #2087183 Reply

          bbearren
          AskWoody MVP

          Firefox (my browser of choice) won’t go there.

          Connection-Failed

          Using Edge in 1909 (OS Build 1863.592) fully updated, it won’t go there, either.

          Not-Secure

          Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
          "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
          "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

          Attachments:
      • #2086403 Reply

        b
        AskWoody Plus

        This SANS test of the browsers has nothing to do with patched or non-patched Windows 10 as it doesn’t check the for Jan. 2020 patches/Crypt.api. Patching with Jan. patch Tuesday won’t help your vulnerable browser to turn immune.

        That is NOT true.

        Windows 10 Pro Version 2004: Group ASAP (chump/pioneer)

        • This reply was modified 1 month ago by  b.
        2 users thanked author for this post.
    • #2086301 Reply

      weedacres
      AskWoody Plus

      I cleared the Chrome cache after installing the January patch and now get Not Vulnerable. I should have thought of that before…

       

      Dave

      3 users thanked author for this post.
      • #2086316 Reply

        davefox
        AskWoody Plus

        Yes, I should have thought of clearing the cache as well.  It cleared up my odd Vivaldi problem.

        2 users thanked author for this post.
    • #2086304 Reply

      fernlady
      AskWoody Lounger

      I tried the test in IE11 and it showed Not Vulnerable but I also got a popup from AVG Free.

      test

      Windows 7 Home Premium x64 AMD Group A Realtek PCLe GBE Family Controller

      Attachments:
      1 user thanked author for this post.
    • #2086309 Reply

      Grond
      AskWoody Plus

      I’m running Win10 Pro v1903, build 18362.535 and my Chrome default browser (which updated early this morning to v79.0.3945.130) shows as “Not Vulnerable.” I had not previously run the test.
      This result was generated about 5 minutes ago. I did not have to clear the browser cache.
      I’m using MBAM 4.04 Premium and Windows Security/Defender.

      [self-edited for clarity and a typo]

      Windows 10 Pro x64 v1903 Desktop PC

      • This reply was modified 1 month ago by  Grond.
      • This reply was modified 1 month ago by  Grond.
      1 user thanked author for this post.
    • #2086321 Reply

      Alex5723
      AskWoody Plus

      Windows 10 Pro at v1903 current through December updates. I tested Firefox and get Not Vulnerable. I then tested Chrome and get You Are Vulnerable.

      Installed the 2020-01 Cumulative Update KB4528760 and still get You Are Vulnerable. Updated Chrome to Version 79.0.3945.130 and still get it.

      I don’t know if this means that KB4528760 doesn’t fix the exploit or that the test at https://curveballtest.com/index.html doesn’t really test for the exploit.

      Dave

      Windows 10 updates have nothing to do with Browsers vulnerability.
      Your browser should update for the CVE-2020-0601.

      • #2086325 Reply

        b
        AskWoody Plus

        Windows 10 updates have nothing to do with Browsers vulnerability.
        Your browser should update for the CVE-2020-0601.

        That’s just not true in this case. Most browsers (Firefox excepted) use Windows’ CryptoAPI (crypt32.dll) to inspect certificates.

        Windows 10 Pro Version 2004: Group ASAP (chump/pioneer)

        3 users thanked author for this post.
    • #2086330 Reply

      Alex5723
      AskWoody Plus

      Windows 10 updates have nothing to do with Browsers vulnerability.
      Your browser should update for the CVE-2020-0601.

      That’s just not true in this case. Most browsers (Firefox excepted) use Windows’ CryptoAPI (crypt32.dll) to inspect certificates.

      My Chrome in not vulnerable after today’s version update while my Windows 10 1903 was not updated with Jan. patch Tuesday yet.
      Look at Mark’s post, below.

    • #2086332 Reply

      Mark
      AskWoody Plus

      Running Win 7 Enterprise at work, patched to the most recent.  Google Chrome Version 78.0.3904.87 (Official Build) (64-bit), Firefox Version 72.0.1 (64-bit), and IE 11 Version 11.0.9600.19540, all give the “You Are Vulnerable” message.

      Windows 10 Pro x64 v1809, Windows 7 Home Premium x64, Windows Vista Home Premium x64
    • #2086333 Reply

      G
      AskWoody Plus

      Didn’t think of clearing Chrome cache either so thought I would do a before and after test/re-check…

      The before test now gives the all clear?? (previously vulnerable with latest Chrome update)

      Double checked and ‘clear browser’ is NOT automatic.  I did a restart of Chrome after the initial update earlier this morning and still received the “You are Vulnerable” alert. The laptop was in sleep mode while doing an errand; no laptop restart.

      https://curveballtest.com/index.html

      Summary:  All is good but don’t know how/why.

    • #2086339 Reply

      lurks about
      AskWoody Lounger

      It seems like every time there is an unusual attack method there is a lot of noise saying ‘update now or die a horrible death’. But the fearmongers are ignoring how likely one is to be vulnerable to the attack in the real world not in some carefully crafted lab exercise. It is truly rare that one must patch immediately upon release updates. In those truly rare cases were one might be vulnerable, a little bit of caution is often adequate for the near term until the patch stability is ascertained.

      2 users thanked author for this post.
    • #2086341 Reply

      anonymous

      Those Web browser tests are utterly useless. If you’re running any Windows 10 version (includes related 2016/2019 server builds) and haven’t patched your system, you’re vulnerable. It’s that simple and time to patch. Don’t get fooled by such-know-it-alls; and there are a lot of these out there these days.

      1 user thanked author for this post.
    • #2086349 Reply

      Berserker79
      AskWoody Lounger

      Windows 10 Home 1809 with December 2019 updates installed. I tested Firefox 72.0.1 (64 bit) and got the “You Are Vulnerable” message on the SANS test page.

      I’m kinda perplexed: aren’t all Windows 10 versions without the January updates supposed vulnerable? Or does it also depend on the browser? Firefox is stated to be “not vulnerable”, but then why did I get the “You Are Vulnerable message” on the test page?

      Given woody’s advice to install the January patches if getting the “You Are Vulnerable” message, I gritted my teeth and let those patches through. Accessing the SANS test page again after completing installation of the patches now gives me a “You Are Not Vulnerable” message.

      1 user thanked author for this post.
    • #2086355 Reply

      Win7and10
      AskWoody Lounger

      Tested on my WIndows 7 machine, the screen message was GREEN instead of RED in the Box noted above and my Norton told me not to go to the website and told me go back to my Homepage, this was for IE 11, yes I know, should not use IE 11. Just testing 🙂

      Win 7 Home Premium x 64 SP1 (DELL INSPIRION i5) Still Alive!
      Win 10 Home 1909 (HP ENVY i7)

    • #2086357 Reply

      b
      AskWoody Plus

      FAQ added by Microsoft yesterday:

      Are versions older than Windows 10 versions affected by this vulnerability?

      No, only Windows 10 versions of the OS are affected. In the initial release of Windows 10 (Build 1507, TH1), Microsoft added support for ECC parameters configuring ECC curves. Prior to this, Windows only supported named ECC curves. The code which added support for ECC parameters also resulted in the certificate validation vulnerability. It was not a regression, and versions of Windows which don’t support ECC parameters configuring ECC curves (Server, 2008, Windows 7, Windows 8.1 and servers) were not affected.

      CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

      (But Windows Server 2016 and Windows Server 2019 are affected, along with Windows 10 systems.)

      Windows 10 Pro Version 2004: Group ASAP (chump/pioneer)

      5 users thanked author for this post.
    • #2086359 Reply

      AngryJohnny75
      AskWoody Lounger

      Running new Edge stable channel on Windows 10 1909, the link Woody posted was blocked by Microsoft Smart Screen.

      2 users thanked author for this post.
      • #2086367 Reply

        dononline
        AskWoody Plus

        Same here with Edge and IE. Firefox got “Not Vulnerable.”

    • #2086361 Reply

      HE48AEEXX77WEN4Edbtm
      AskWoody Plus

      When I click on the SANS test that Woody posted, I received a bright red message that this website has been reported unsafe by Microsoft. Any thoughts?

      • #2086369 Reply

        b
        AskWoody Plus

        You can click More information, then Continue to site if you wish.

        I reported it as safe to Microsoft (because it’s SANS Institute ISC).

        SmartScreen is doing its job, but I hope an exception can be added.

        Windows 10 Pro Version 2004: Group ASAP (chump/pioneer)

        • #2086379 Reply

          Susan Bradley
          AskWoody MVP

          I get a smartscreen blocking on this machine.

          Susan Bradley Patch Lady

    • #2086366 Reply

      Win7and10
      AskWoody Lounger

      Have not tested my WIN 10 machine yet and will probably patch over the weekend.

      I am running version 1909.

      Windows 7 machine is reportedly not effected and will patch when Defcon is reached.

      Win 7 Home Premium x 64 SP1 (DELL INSPIRION i5) Still Alive!
      Win 10 Home 1909 (HP ENVY i7)

      • #2086383 Reply

        Susan Bradley
        AskWoody MVP

        Only 10 is vulnerable.

        Susan Bradley Patch Lady

        2 users thanked author for this post.
        • #2086405 Reply

          OscarCP
          AskWoody Plus

          Susan: “Only 10 is vulnerable.

          Even so, the Crypto dll has been in all Windows versions since the early 2000’s. The current version of malware targets the one in Windows 10, but now that Win 7 joins the ranks of the “unsupported”, it might become a tempting target, because it still has and will continue to have many millions of users more than macOS or Linux. And those same crooked developers that created the version that attacks Win 10 could turn their hands to something equally nasty for Win 7 and, if they enjoyed doing this enough, also for earlier versions still being used by many, such as XP or Vista.

          In any case, browsing while running an old, unsupported OS is not a great idea. But those for whom that is not a sufficient deterrent, at least making sure to keep the browsers updated to their latest versions could improve their rate of survival as owners of un-hijacked PCs and other inconveniences.

          Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

          • #2086409 Reply

            b
            AskWoody Plus

            Please see Microsoft’s explanation here for why only Windows 10 is affected.

            Crooked developers have not yet created any related malware that attacks Win 10.

            Windows 10 Pro Version 2004: Group ASAP (chump/pioneer)

            3 users thanked author for this post.
            • #2086411 Reply

              OscarCP
              AskWoody Plus

              Thanks for correcting that mistake. I should have wrote “that might still create…”

              Do you ever take a holiday? Just curious.

              Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

    • #2086396 Reply

      OscarCP
      AskWoody Plus

      It will be helpful if those posting here about the results of their “vulnerability” tests and other CVE-2020-0601 related experiences actually identify the version of Windows they are running: Windows Vista?, Windows 7? Windows 8? Windows 8.1?, Windows 10 (+ version No.)?

      Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

      • #2086406 Reply

        b
        AskWoody Plus

        Only 10 is relevant.

        Windows 10 Pro Version 2004: Group ASAP (chump/pioneer)

        • #2086408 Reply

          OscarCP
          AskWoody Plus

          My point, precisely

          Windows 7 Professional, SP1, x64 Group B & macOS + Linux (Mint) => Win7 Group W + Mac&Lx

    • #2086413 Reply

      Pepsiboy
      AskWoody Lounger

      My Win 7 x64 SP1 gets “Not vulnerable” on both IE 11 and Chrome.

      Dave

    • #2086423 Reply

      Carl D
      AskWoody Lounger

      It seems like every time there is an unusual attack method there is a lot of noise saying ‘update now or die a horrible death’. But the fearmongers are ignoring how likely one is to be vulnerable to the attack in the real world not in some carefully crafted lab exercise. It is truly rare that one must patch immediately upon release updates. In those truly rare cases were one might be vulnerable, a little bit of caution is often adequate for the near term until the patch stability is ascertained.

      Exactly.

      Weren’t we all supposed to die a “horrible death” if we didn’t patch 2 years ago when there was a lot of noise (mostly static, it seems) about Meltdown and Spectre?

      Still waiting for reports of these being exploited in the wild. Same for the majority of these “security issues” being reported and patched every month.

      As I’ve said before – security has become a multi million dollar business these days. Security researchers are seemingly falling over themselves trying to find every little security issue in Windows (and other software, of course) so they can be the first to announce “Oooh… look what we’ve found, aren’t we clever?” And, most importantly, they get paid big dollars for finding all these “flaws”.

      MS apparently also want this situation to continue indefinitely because, as I’ve said in the past, it enables them to keep a ‘leash’ on peoples’ computers with the never ending updates.

      I always think of Canadian Tech with his 130 Windows 7 client computers which haven’t had a single Windows Update installed since May 2017 (and haven’t had any security issues) every time a new “OMG!! You’re in danger… must patch now!!” security issue appears (I’m expecting an escalation in these now that Windows 7 isn’t getting any more security updates to try and get more people onto Windows 10).

      But, having said all that I’ve checked Firefox, Edge and Internet Explorer on my Windows 10 Professional 1909 64bit with the January updates installed and I’m not vulnerable (I always have Macrium Reflect to save me from any Windows Update issues every month).

      P.S. where is the cute little logo for this vulnerability? Haven’t seen one yet. I’m most disappointed especially after the nice ones we had for Meltdown, Spectre and BlueKeep.

      Gigabyte GA-B250M-D3H Motherboard, Intel i5-7600 CPU, 32GB RAM, NVIDIA GeForce GTX 1050 Graphics Card, 1x Samsung 860 EVO 250GB SSD, 1x Samsung 850 EVO 250GB SSD, Windows 10 Professional 1909 64bit.

      1 user thanked author for this post.
      • #2087199 Reply

        bbearren
        AskWoody MVP

        MS apparently also want this situation to continue indefinitely because, as I’ve said in the past, it enables them to keep a ‘leash’ on peoples’ computers with the never ending updates.

        Microsoft already has a ‘leash’ on peoples’s computers running licensed copies of Windows, because only Microsoft owns Windows.  Read your EULA for the license terms to which we all agreed by running Windows.

        Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
        "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
        "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

    • #2086441 Reply

      Mele20
      AskWoody Lounger

      Edge gives the Smart Screen to the SANS test (1809 last patched December 31, 2019) BUT on the https://chainoffools.kudelskisecurity.com/ test it is VULNERABLE.

      Vivaldi was vulnerable to SANS test when I first started it today. The strange thing about Vivaldi is that it is set to auto update (whether running or not) and it has not wanted to update in the past few days (last update was Jan 13). So, I clicked on Check for Updates and I was offered an update! I was surprised as it should have already updated. I updated it to 2.10.1745.27, retested, and it is no longer vulnerable to the SANS test. It is also not vulnerable to https://chainoffools.kudelskisecurity.com/ test.

      My default browser is Basilisk and 90% of the time I am on it so I am waiting to update Windows 10 until Pausing stops on Feb 4.

      1 user thanked author for this post.
    • #2086443 Reply

      anonymous

      Just for Fun.

      Windows 7 Ultimate  Sp1 ( No updated in over 7 months and only single updates then)

      Chain of Fools Link testcve.kudelskisecurity.com/

      SlimJet 25.05  – Error Privacy Error NET::ERR_CERT_INVALID

      reloading page brings up same message

      Ie 8 will not load page (blank)

      Firefox 56 – Secure Connection Failed

      An error occurred during a connection to chainoffools.kudelskisecurity.com. security library: improperly formatted DER-encoded message. Error code: SEC_ERROR_BAD_DER

      Other Link  curveballtest.com/index.html

      Slimjet Green

      Ie8 No result

      Firefox Green

      ————————————————————————————————————-

      Second Computer  Vista Business Sp2

      ie 7 Curveball Green

      Kudelski Two upper links come up with Can not Display page

      Clicking yellow button does nothing

      Firefox 52.9 ESR

      Curveball Green

      Kudelski Sec_Error_bad_Der

      SlimJet 10

      CurveBall  Green

      Kudelski  Net:Err_cert_invalid

       

      non Windows Laptop Chromebook Using Built in chrome (Chrome OS 76)

      Curveball Green

      Kudelski  Net:err_Cert_authority_invalid

      I know these are all not Vulerable (Only 10 is) But it was interesting to see the results and the error types for Kudeliski. I will test my test 10 (only used for testing) and see its results

      • #2086660 Reply

        CADesertRat
        AskWoody Plus

        Chrome threw your response in the spam bucket for a suspicious link.

        AW-spam

        Don't take yourself so seriously, no one else does 🙂
        4 Win 10 Pro all 1903 (3 Desktops, 1 Laptop).

        Attachments:
    • #2086478 Reply

      DriftyDonN
      AskWoody Plus

      Installed the 2020-01 Cumulative Update and now Bitdefender will not allow me to open the test site.

      Hmmm..I did NOT patch and yesterday BD allowed me to get to the

      “you are Vulnerable” page. Today BD stopped me…

      ?

    • #2086479 Reply

      Ascaris
      AskWoody_MVP

      I’m gonna say “no” to the question in the title:

      Waterfox Classic 2020.01  Not vulnerable

      Firefox 72.0.1  Not vulnerable

      Vivaldi 2.10.1745.26  Not vulnerable

      Opera 2.10.1745.26 Not vulnerable

      Chromium 81.0.4021.2 Not vulnerable

      (On Linux; Windows may differ).

      Group "L" (KDE Neon User Edition 5.18.1).

      • This reply was modified 1 month ago by  Ascaris.
      • #2086482 Reply

        b
        AskWoody Plus

        All on Linux? You don’t use Windows.

        Windows 10 Pro Version 2004: Group ASAP (chump/pioneer)

        • #2086488 Reply

          Ascaris
          AskWoody_MVP

          Yes, I meant that a bit tongue in cheek, but I edited to make it clearer.

          Group "L" (KDE Neon User Edition 5.18.1).

          1 user thanked author for this post.
          b
      • #2086504 Reply

        ryegrass
        AskWoody Plus

        Basilisk 2020.01.12 (64-bit) not vulnerable.

    • #2086490 Reply

      Sportsman
      AskWoody Lounger

      I already patched, but I was curious and tried to visit the test page. Firefox 72.0.1 wouldn’t load the page (“certificate error”), and one second later Windows Defender popped up a warning that the network connection was blocked.

      Windows 10 Home 64-bit

    • #2086494 Reply

      DriftyDonN
      AskWoody Plus

      Only 10 is vulnerable.

      ….and the test page is not for use by firefox according to Bojan on sans page…..

    • #2086496 Reply

      DriftyDonN
      AskWoody Plus

      Not for use w/ firefox………

      https://isc.sans.edu/index_cached.html

      Clipboard01

      Attachments:
    • #2086520 Reply

      Pierre77
      AskWoody Plus

      Now blocked by Malwarebytes Premium.

    • #2086521 Reply

      https://curveballtest.com/index.html

      Patched Chrome 79.0.3945.130 (Official Build) (64-bit) says, “Not Vulnerable.” But it sure thrashed my drive for 8 minutes while it updated!  After TWO instances of Software Tattle Tale (reporter) going for that long you’d think it had done something…BTW every time I open Chrome lately software_reporter_tool (fool?).exe goes nuts for about 5-8 minutes. (No wonder I don’t use it any more. Maybe it’s hysterical that it HASN’T been used!)

      Chrome is my backup browser; changed to Firefox months ago, fairly happy I did. Lotsa privacy switches to play with!

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode. ESU 1 yr."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

    • #2086658 Reply

      AceOfAces
      AskWoody Lounger

      Well… Looks like SmartScreen in Chromium Edge blocked the test site. Somebody caught up with it. So…

      Attachments:
    • #2086820 Reply

      anonymous

      Using the Media Creation Tool, I made the jump from Windows 7 Pro 64 bit to Windows 10 Pro 64 bit 1909 last month. I was very nervous, but to my relief, the process went smoothly with all my files and HP printer transferring over.

      When I had Windows 7, I always waited for the DEFCON Level to change before I patched. However, with the “Chain of Fools” issue, I was concerned so I ran the SANS test and it showed “You are Vulnerable”. I updated Google Chrome, and decided to go ahead with the patching. After KB4528760 was installed, I ran the test again, and it was OK.

      Now, I’m being asked to install KB4528760 again. My setting is at “We’ll ask you to download updates…” Should I hold off?

      • #2086827 Reply

        PKCano
        Da Boss

        If you have already installed the CU KB4528760 once, go ahead and let it install again. It will show as having installed twice in the Update History.
        I think that has to do with the fact that the SSU KB4528759 is bundled with the CU, even it does not show in the WU listing. When it installs it presents itself as the SSU. After the install, I think you will find only one KB4528760 in the Installed Updates (not History) along with the SSU that wasn’t listed.

        • #2086941 Reply

          anonymous

          Will do. Thanks, PKCano!

    • #2086828 Reply

      CADesertRat
      AskWoody Plus

      Normally the SSU (by KB#) shows up in Control Panel>Programs and Features> View Installed Updates, at least that’s where mine have shown up.

      Don't take yourself so seriously, no one else does 🙂
      4 Win 10 Pro all 1903 (3 Desktops, 1 Laptop).

    • #2086859 Reply

      HE48AEEXX77WEN4Edbtm
      AskWoody Plus

      I cannot check my computer thru the SANS link because when I do the red message comes up saying the website is unsafe. Against my better judgement, I resumed my updates and successfully installed KB4532938, KB4528760, and KB890830.

      Windows 10 Home 1903 version 18362.592

      Is  there any way to verify if I am vulnerable to CVE-2020-0601?

    • #2086876 Reply

      DriftyDonN
      AskWoody Plus

      I cannot check my computer thru the SANS link because when I do the red message comes up saying the website is unsafe. Against my better judgement, I resumed my updates and successfully installed KB4532938, KB4528760, and KB890830.

      Windows 10 Home 1903 version 18362.592

      Is  there any way to verify if I am vulnerable to CVE-2020-0601?

      If you are using Firefox browser, you are not.

      1 user thanked author for this post.
      • #2086880 Reply

        HE48AEEXX77WEN4Edbtm
        AskWoody Plus

        I am using as a browser Microsoft Edge.

        • #2086937 Reply

          b
          AskWoody Plus

          As you’ve updated to Build 18362.592, I don’t think you need to verify that you’re no longer vulnerable. But if you really want to, you can click on “More information” on that red message, then “Continue to the unsafe site (not recommended)” (assuming it’s the standard Microsoft Defender SmartScreen message). I’ve done this quite a few times now on that SANS site, and there’s nothing unsafe about it (but perhaps Microsoft want to demonstrate that their SmartScreen is protecting us all as if it was a real site with an attack for this new vulnerability).

          Windows 10 Pro Version 2004: Group ASAP (chump/pioneer)

          1 user thanked author for this post.
    • #2087043 Reply

      anonymous

      I’ve updated my Windows 10 to 18362.592 and Chrome to 79.0.3945.130.   BitDefender Total Security is also fully up to date.   I’ve cleared the Chrome cache.  I am still seeing “You are vulnerable” from the SANS test.  Where to go from here?

    • #2087145 Reply

      CaddyH
      AskWoody Plus

      Has anyone else gotten a warning screen about it being a “Malicious Site” when they clicked on the “SANS Test” link posted on Woody’  home page?  Norton warned me to leave the site immediately with a big red screen.  I’m using Windows 10 Edge browser.  I’ve attached a png of the link I clicked on.  Always try to be careful, but I consider AskWoody to be very safe, so it concerned me.  Thanks! SANS-Test-Link

      Attachments:
    • #2087178 Reply

      bbearren
      AskWoody MVP

      Firefox is my browser of choice, and not vulnerable.  In order to check my fully updated Windows 10 Pro 1909 I tried the link in the blog post with Edge, but Malwarebytes Pro blocked the site.

      After adding the site to Malwarebytes’ white list, it opened in Edge, and I’m not vulnerable.

      Create a fresh drive image before making system changes/Windows updates, in case you need to start over!
      "When you're troubleshooting, start with the simple and proceed to the complex."—M.O. Johns
      "Experience is what you get when you're looking for something else."—Sir Thomas Robert Deware

      • This reply was modified 1 month ago by  bbearren.
    • #2087233 Reply

      deuce120
      AskWoody Plus

      I ran the test on my windows 10 Pro version 1809 using Firefox version 68.4.1 ESR and got the “You Are Vulnerable”. Malwarebytes Premium blocked the test so I had to add an exception. Installed the update for the fix. I will soon do the update to 1903, just not crazy about MS’s bi-annual feature updates.

    • #2087268 Reply

      Microfix
      Da Boss

      Ran the vulnerability test on Win8.1 Pro x64 and FF ESR 68.4.1:
      (with January 2020 patch SMQR KB4534297 applied)
      ‘not vulnerable’

      Win7 Pro x64 | Win8.1 Pro x64 | Linux Hybrids x86/x64 | Win7 Pro x86 | W10 never again
    • #2088417 Reply

      anonymous

      I previously posted #2087043 and reported that my fully patched Windows 10 1903/Chrome gave “You are vulnerable”.  I have now resolved this as a Bitdefender artefact.  I had previously skipped the BD warning page in order to see how the underlying browser/OS behaved.

      Unfortunately, this was a rather naive approach.  It seems that the effect saying “show me the page anyway” is to place in the SSL cache an entry for the offending site backed by a BD-supplied certificate rather than the hacked one.   Chrome 79 doesn’t seem to offer an obvious way of clearing the cache, but  Control Panel/Internet Options did the trick.

      1 user thanked author for this post.
      • #2110496 Reply

        anonymous

        I also previously posted  #2086932 and #2087398 and this explains the “You Are Vulnerable” warning that I was getting from the site even though I was both using Firefox and had my system patched. I’m also using Bitdefender, so it looks like this is the explanation I was looking for. This was driving me a little crazy, so thanks for the above post.

    Please follow the -Lounge Rules- no personal attacks, no swearing, and politics/religion are relegated to the Rants forum.

    Reply To: Is your system susceptible to a ChainOfFools/CurveBall CVE-2020-0601 attack?

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.