• Is your system susceptible to a ChainOfFools/CurveBall CVE-2020-0601 attack?

    #2086216

    There’s a simple SANS test to see if your particular browser, running on your particular machine, is susceptible. That doesn’t cover all possibilities
    [See the full post at: Is your system susceptible to a ChainOfFools/CurveBall CVE-2020-0601 attack?]

    • #2086221

      Legacy Opera 12.18 is semi-vulnerable

      if you rejected the certificate, then all is good
      if you accept it, you are hooked

      the warning is fair 🙂

    • #2086243

      Looks like another good reason to use Firefox. :thumbup:

    • #2086244

      I’m running Firefox on Win 7 and never use IE. However some programs default to IE and it will open- when it does I immediately close it. It makes one consider testing IE on the site but…since my IE almost never gets past the homepage/splashscreen I prefer to wait until the defcon changes before worrying about it.

      -firemind

      • #2086293

        I just tested IE 11 on Windows 7, patched through November 2019, on the test page site and got a “NOT Vulnerable” result.

        Win 7 Pro, 64-Bit, Group B ESU,Ivy Bridge i3-3110M, 2.4GHz, 4GB, XP Mode VM, WordPerfect
    • #2086246

      “My recommendation is that you install the January Patch Tuesday patches immediately only if you get a “You Are Vulnerable” response from the SANS test page. If you’re all clear, meh, stay out of the unpaid beta-testing pit and hold off on installing the January patches until we have a clearer picture of potential collateral damage.”

      This is good advice, however pretty much every enterprise organization is still using IE as default browser and Google Chrome does NOT update automatically all the time, putting countless of those users at risk too.  So pretty much everyone is vulnerable that is not a savvy-tech consumer reading this.

    • #2086250

      I am seeing the message that “You Are Vulnerable” in SeaMonkey, Firefox and IE. Running Windows 10.

      • #2086381

        But not in Firefox, right?

        Firefox uses a different cert validation technique. As I understand it.

        • #2086932

          I get a “You Are Vulnerable” warning even though I’m using Firefox. I thought the vulnerability wasn’t supposed to apply to that browser. It even says that on the warning page the site gives me. Does the site happen to throw incorrect warnings if you actually do test it with Firefox or something? I’m not quite sure what gives here. And a warning to others who may get this too: your antivirus may block the site. But don’t get too worried though, that’s what it’s supposed to do. It’s just a sign your AV is doing its job, nothing’s wrong with the page.

          • #2087179

            Is your Firefox installation up to date running Version 72.0.1?  I am, and I’m not vulnerable.  I have Firefox set to allow updates automatically.

            Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
            We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

            • #2087398

              Yes, it’s fully up to date with version 72.0.1. I constantly make sure it’s up to date. I’m considering updating Windows 10 in the near future but I’m hesitant to do so for all the obvious reasons. I’m nowhere near joining the Chicken Little crowd just yet, but Woody did say he thought people should patch if they got the “you are vulnerable” warning. I use Firefox for all my browsing and as far as I can tell it’s not supposed to be a target for this exploit, but I’m fully aware the vulnerability still exists on my machine until it gets patched. Also, as far as I can tell on the malware front everything that’s out there is proof of concept stuff and even the people hard at work trying to make this stuff work for them still have a bunch of hoops to jump through having to get their target to have a good certificate cached before they can do anything. I’m just going to keep being cautious with my web browsing etc. and stay tuned to see if there are any new developments before I decide to take the plunge and patch.

    • #2086254

      I mainly use Firefox, but occasionally use Brave. Firefox, as noted, indicated my system was not vulnerable when going to the SANS test page, but Brave indicated it was vulnerable.

      I decided to apply the patch updates (after a full image backup). After doing so, and rebooting, Brave still indicated my system was vulnerable. Edge, however, said the system is safe.

      I checked the version of Brave I am using and it is Version 1.2.42 Chromium: 79.0.3945.117 (Official Build) (64-bit) and is noted as the latest version. Any thoughts on why Brave continues to indicate vulnerability?

      • #2086269

        >I decided to apply the patch updates (after a full image backup). After doing so, and rebooting. Brave still indicated my system was vulnerable
        Try clearing the site cache. That ought to do the trick.

        • #2086401

          Thanks! I updated a non-related software program that required another reboot prior to reading this. After checking again, Brave no longer indicates that I am vulnerable.

          I’m sure that following your suggestion would have fixed it immediately.

    • #2086258

      Just updated Chrome this morning and “test page” states “You are vulnerable”

      Google Chrome is up to date
      Version 79.0.3945.130 (Official Build) (64-bit)
      Win 10 1903 w/December updates installed
      • #2086277

        That’s interesting, since I have the same Chrome version and I got “You are not vulnerable” on the test.

        Don't take yourself so seriously, no one else does 🙂
        All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

      • #2086281

        Agreed @G. Patched chrome fails for me too! (Windows not patched 18363.535 (1909))
        (Firefox and Bluemoon are OK, But latest patched Vivaldi is susceptible.)

        Dell Inspiron 7580 i7 16GB Win 10 pro 22H2 (19045.3208), Microsoft 365 Version 2307 (16626.20068)

    • #2086270

      Windows 10 Pro at v1903 current through December updates. I tested Firefox and get Not Vulnerable. I then tested Chrome and get You Are Vulnerable.

      Installed the 2020-01 Cumulative Update KB4528760 and still get You Are Vulnerable. Updated Chrome to Version 79.0.3945.130 and still get it.

      I don’t know if this means that KB4528760 doesn’t fix the exploit or that the test at https://curveballtest.com/index.html doesn’t really test for the exploit.

      Dave

    • #2086279

      Installed the 2020-01 Cumulative Update and now Bitdefender will not allow me to open the test site.

    • #2086280

      I think the test page looks pretty iffy. I show OK using chrome with a patched system but looking at the other comments makes me wonder how reliable this test is.

      What’s the big deal with installing the update? It’s been 3 days since Patch Tuesday and I have not seen any problems reported. Usually by now, especially on Ask Woody, you would see all kinds of problems posters are having.

       

      Barry
      Windows 11 v22H2

      • #2086382

        Good point. It has been three days, and other than installation headaches, I haven’t seen any big bugs either.

        Let’s see how the weekend goes.

    • #2086292

      I’m running into some odd behavior.  I’ve patched several test machines and then loaded the curveball test page.  On all but one, the test now shows not vulnerable with both Vivaldi and Chrome.

      On one system, though, it shows vulnerable with Vivaldi, but not with Chrome.  All systems have the latest Vivaldi version and are running the same security software.  On the problem system, the January update shows as installed, and the crypt32.dll file shows a new timestamp.  Don’t know why Vivaldi would be showing vulnerable on this one system.

    • #2086295

      This morning my Chrome (80…) beta was vulnerable, now, Chrome Version 80.0.3987.53 (Official Build) beta (64-bit), is not.
      This SANS test of the browsers has nothing to do with patched or non-patched Windows 10 as it doesn’t check for the Jan. 2020 patches/Crypt.api. Patching with Jan. patch Tuesday won’t help your vulnerable browser to turn immune.

      • #2086307

        There doesn’t seem to be a common denominator for pass/fail from the posts I’ve read here.

        I do not assume all testing sites are the same, so checking on several sites might be helpful.

        Please post the URL where your test was done.

        http://testcve.kudelskisecurity.com/

        • If you see “Hello World” on the next screen, you’re vulnerable to CVE-2020-0601
        • If you get a certificate error, you’re safe!

        I just tested at that site, all clear for me.


        Windows10 Home 1909  FF 69.0.3

        No 1-14-2020 updates

        • #2086313

          Testing my Chrome beta on http://testcve.kudelskisecurity.com/. Got :

        • #2086387

          I also tested on your link with 1809 Pro and Chrome 79. Got the invalid cert. Only Dec patches no Jan patches.

          Don't take yourself so seriously, no one else does 🙂
          All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

        • #2087183

          Firefox (my browser of choice) won’t go there.

          Connection-Failed

          Using Edge in 1909 (OS Build 1863.592) fully updated, it won’t go there, either.

          Not-Secure

          Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
          We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

      • #2086403

        > This SANS test of the browsers has nothing to do with patched or non-patched Windows 10 as it doesn’t check for the Jan. 2020 patches/Crypt.api. Patching with Jan. patch Tuesday won’t help your vulnerable browser to turn immune.

        That is NOT true.

        Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

    • #2086301

      I cleared the Chrome cache after installing the January patch and now get Not Vulnerable. I should have thought of that before…

       

      Dave

    • #2086304

      I tried the test in IE11 and it showed Not Vulnerable but I also got a popup from AVG Free.


      Edition Windows 11 Pro
      Version 22H2
      Installed on ‎10/‎19/‎2022
      OS build 22621.2283

    • #2086309

      I’m running Win10 Pro v1903, build 18362.535 and my Chrome default browser (which updated early this morning to v79.0.3945.130) shows as “Not Vulnerable.” I had not previously run the test.
      This result was generated about 5 minutes ago. I did not have to clear the browser cache.
      I’m using MBAM 4.04 Premium and Windows Security/Defender.

      [self-edited for clarity and a typo]

      Windows 10 Pro x64 v1909 Desktop PC

    • #2086321

      > Windows 10 Pro at v1903 current through December updates. I tested Firefox and get Not Vulnerable. I then tested Chrome and get You Are Vulnerable.

      > Installed the 2020-01 Cumulative Update KB4528760 and still get You Are Vulnerable. Updated Chrome to Version 79.0.3945.130 and still get it.

      > I don’t know if this means that KB4528760 doesn’t fix the exploit or that the test at https://curveballtest.com/index.html doesn’t really test for the exploit.

      > Dave

      Windows 10 updates have nothing to do with Browsers vulnerability.
      Your browser should update for the CVE-2020-0601.

      • #2086325

        > Windows 10 updates have nothing to do with Browsers vulnerability.
        > Your browser should update for the CVE-2020-0601.

        That’s just not true in this case. Most browsers (Firefox excepted) use Windows’ CryptoAPI (crypt32.dll) to inspect certificates.

        Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

    • #2086330

      > Windows 10 updates have nothing to do with Browsers vulnerability.
      > Your browser should update for the CVE-2020-0601.

      > That’s just not true in this case. Most browsers (Firefox excepted) use Windows’ CryptoAPI (crypt32.dll) to inspect certificates.

      My Chrome is not vulnerable after today’s version update while my Windows 10 1903 was not updated with Jan. patch Tuesday yet.
      Look at Mark’s post, below.

    • #2086332

      Running Win 7 Enterprise at work, patched to the most recent.  Google Chrome Version 78.0.3904.87 (Official Build) (64-bit), Firefox Version 72.0.1 (64-bit), and IE 11 Version 11.0.9600.19540, all give the “You Are Vulnerable” message.

      Windows 10 Pro x64 v1909, Windows 7 Home Premium x64, Windows Vista Home Premium x64
    • #2086333

      Didn’t think of clearing Chrome cache either so thought I would do a before and after test/re-check…

      The before test now gives the all clear?? (previously vulnerable with latest Chrome update)

      Double checked and ‘clear browser’ is NOT automatic.  I did a restart of Chrome after the initial update earlier this morning and still received the “You are Vulnerable” alert. The laptop was in sleep mode while doing an errand; no laptop restart.

      https://curveballtest.com/index.html

      Summary:  All is good but don’t know how/why.

    • #2086339

      It seems like every time there is an unusual attack method there is a lot of noise saying ‘update now or die a horrible death’. But the fearmongers are ignoring how likely one is to be vulnerable to the attack in the real world, not in some carefully crafted lab exercise. It is truly rare that one must patch immediately upon release of updates. In those truly rare cases where one might be vulnerable, a little bit of caution is often adequate for the near term until the patch stability is ascertained.

    • #2086341

      Those Web browser tests are utterly useless. If you’re running any Windows 10 version (includes related 2016/2019 server builds) and haven’t patched your system, you’re vulnerable. It’s that simple and time to patch. Don’t get fooled by such-know-it-alls; and there are a lot of these out there these days.

    • #2086349

      Windows 10 Home 1809 with December 2019 updates installed. I tested Firefox 72.0.1 (64 bit) and got the “You Are Vulnerable” message on the SANS test page.

      I’m kinda perplexed: aren’t all Windows 10 versions without the January updates supposed to be vulnerable? Or does it also depend on the browser? Firefox is stated to be “not vulnerable”, but then why did I get the “You Are Vulnerable” message on the test page?

      Given woody’s advice to install the January patches if getting the “You Are Vulnerable” message, I gritted my teeth and let those patches through. Accessing the SANS test page again after completing installation of the patches now gives me a “You Are Not Vulnerable” message.

    • #2086355

      Tested on my Windows 7 machine, the screen message was GREEN instead of RED in the Box noted above and my Norton told me not to go to the website and told me go back to my Homepage, this was for IE 11, yes I know, should not use IE 11. Just testing 🙂

      Win 10 Home 22H2

    • #2086357

      FAQ added by Microsoft yesterday:

      Are versions older than Windows 10 versions affected by this vulnerability?

      No, only Windows 10 versions of the OS are affected. In the initial release of Windows 10 (Build 1507, TH1), Microsoft added support for ECC parameters configuring ECC curves. Prior to this, Windows only supported named ECC curves. The code which added support for ECC parameters also resulted in the certificate validation vulnerability. It was not a regression, and versions of Windows which don’t support ECC parameters configuring ECC curves (Server 2008, Windows 7, Windows 8.1 and servers) were not affected.

      CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

      (But Windows Server 2016 and Windows Server 2019 are affected, along with Windows 10 systems.)

      Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

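The FAQ quoted in the post above separates named ECC curves from ECC parameters carried inside the certificate. As an added example (not from the thread, SANS or Microsoft), the Python below parses a DER certificate and reports which of the two forms its EC public key uses, a check a defender can run over captured certificates; the two certificates are constructed skeletons with placeholder keys, and every function name is hypothetical.

```python
# Added example: tell a named-curve EC key (parameters = OID) from one with
# explicit curve parameters (parameters = SEQUENCE). Sample data is constructed.
ID_EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # OID 1.2.840.10045.2.1
PRIME256V1 = bytes.fromhex("2a8648ce3d030107")       # OID 1.2.840.10045.3.1.7

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos (low tag numbers only)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def classify_spki(spki_value):
    """Classify the parameters field of a SubjectPublicKeyInfo (contents only)."""
    fields = children(spki_value)
    if not fields or fields[0][0] != 0x30:
        raise ValueError("missing AlgorithmIdentifier")
    alg = children(fields[0][1])
    if not alg or alg[0] != (0x06, ID_EC_PUBLIC_KEY):
        return "not-ec"
    if len(alg) < 2:
        return "ec-missing-parameters"
    tag, val = alg[1]
    if tag == 0x06:                        # namedCurve: an OID
        return "named-curve:" + val.hex()
    if tag == 0x30:                        # specifiedCurve: full domain parameters
        return "explicit-parameters"
    return "ec-other-parameters"           # e.g. NULL (implicitCurve)

def classify_certificate(der):
    """Locate subjectPublicKeyInfo inside a DER certificate and classify it."""
    tag, cert, _ = read_tlv(der, 0)
    top = children(cert) if tag == 0x30 else []
    if not top or top[0][0] != 0x30:
        raise ValueError("not a certificate")
    tbs = children(top[0][1])
    if tbs and tbs[0][0] == 0xA0:          # optional [0] EXPLICIT version
        tbs = tbs[1:]
    # Remaining order: serial, signature, issuer, validity, subject, SPKI
    if len(tbs) < 6 or tbs[5][0] != 0x30:
        raise ValueError("subjectPublicKeyInfo not found")
    return classify_spki(tbs[5][1])

def flag_non_named(certs):
    """Names of certificates whose EC key does not use a named curve."""
    return sorted(name for name, der in certs.items()
                  if classify_certificate(der).startswith(("explicit", "ec-")))

def tlv(tag, value=b""):
    """Minimal DER encoder, used only to build the constructed samples."""
    n = len(value)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + value

def sample_certificate(ec_parameters):
    """Constructed, unsigned certificate skeleton with a placeholder key."""
    name = tlv(0x30)                                       # empty issuer/subject
    validity = tlv(0x30, tlv(0x17, b"200101000000Z") * 2)
    sig_alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a8648ce3d040302")))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, ID_EC_PUBLIC_KEY) + ec_parameters)
               + tlv(0x03, b"\x00\x04" + bytes(64)))       # all-zero placeholder point
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
              + sig_alg + name + validity + name + spki)
    return tlv(0x30, tbs + sig_alg + tlv(0x03, b"\x00"))

SAMPLES = {
    "named.example": sample_certificate(tlv(0x06, PRIME256V1)),
    # Placeholder SEQUENCE standing in for explicit parameters; not a real curve.
    "explicit.example": sample_certificate(
        tlv(0x30, tlv(0x02, b"\x01") + tlv(0x04, bytes(8)))),
}
```

RFC 5480 does not allow explicit curve parameters in PKIX certificates, so a non-named result on a certificate seen in the wild is worth a closer look whatever the patch level of the machine that received it.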
    • #2086359

      Running new Edge stable channel on Windows 10 1909, the link Woody posted was blocked by Microsoft Smart Screen.

    • #2086361

      When I click on the SANS test that Woody posted, I received a bright red message that this website has been reported unsafe by Microsoft. Any thoughts?

      • #2086369

        You can click More information, then Continue to site if you wish.

        I reported it as safe to Microsoft (because it’s SANS Institute ISC).

        SmartScreen is doing its job, but I hope an exception can be added.

        Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

    • #2086366

      Have not tested my WIN 10 machine yet and will probably patch over the weekend.

      I am running version 1909.

      Windows 7 machine is reportedly not affected and will patch when Defcon is reached.

      Win 10 Home 22H2

      • #2086383

        Only 10 is vulnerable.

        Susan Bradley Patch Lady/Prudent patcher

        • #2086405

          Susan: “Only 10 is vulnerable.”

          Even so, the Crypto dll has been in all Windows versions since the early 2000’s. The current version of malware targets the one in Windows 10, but now that Win 7 joins the ranks of the “unsupported”, it might become a tempting target, because it still has and will continue to have many millions of users more than macOS or Linux. And those same crooked developers that created the version that attacks Win 10 could turn their hands to something equally nasty for Win 7 and, if they enjoyed doing this enough, also for earlier versions still being used by many, such as XP or Vista.

          In any case, browsing while running an old, unsupported OS is not a great idea. But those for whom that is not a sufficient deterrent, at least making sure to keep the browsers updated to their latest versions could improve their rate of survival as owners of un-hijacked PCs and other inconveniences.

          Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

          • #2086409

            Please see Microsoft’s explanation here for why only Windows 10 is affected.

            Crooked developers have not yet created any related malware that attacks Win 10.

            Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

            • #2086411

              Thanks for correcting that mistake. I should have written “that might still create…”

              Do you ever take a holiday? Just curious.

              Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

              MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
              Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
              macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2086396

      It will be helpful if those posting here about the results of their “vulnerability” tests and other CVE-2020-0601 related experiences actually identify the version of Windows they are running: Windows Vista?, Windows 7? Windows 8? Windows 8.1?, Windows 10 (+ version No.)?

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #2086406

        Only 10 is relevant.

        Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

        • #2086408

          My point, precisely

          Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2086413

      My Win 7 x64 SP1 gets “Not vulnerable” on both IE 11 and Chrome.

      Dave

    • #2086423

      > It seems like every time there is an unusual attack method there is a lot of noise saying ‘update now or die a horrible death’. But the fearmongers are ignoring how likely one is to be vulnerable to the attack in the real world, not in some carefully crafted lab exercise. It is truly rare that one must patch immediately upon release of updates. In those truly rare cases where one might be vulnerable, a little bit of caution is often adequate for the near term until the patch stability is ascertained.

      Exactly.

      Weren’t we all supposed to die a “horrible death” if we didn’t patch 2 years ago when there was a lot of noise (mostly static, it seems) about Meltdown and Spectre?

      Still waiting for reports of these being exploited in the wild. Same for the majority of these “security issues” being reported and patched every month.

      As I’ve said before – security has become a multi million dollar business these days. Security researchers are seemingly falling over themselves trying to find every little security issue in Windows (and other software, of course) so they can be the first to announce “Oooh… look what we’ve found, aren’t we clever?” And, most importantly, they get paid big dollars for finding all these “flaws”.

      MS apparently also want this situation to continue indefinitely because, as I’ve said in the past, it enables them to keep a ‘leash’ on peoples’ computers with the never ending updates.

      I always think of Canadian Tech with his 130 Windows 7 client computers which haven’t had a single Windows Update installed since May 2017 (and haven’t had any security issues) every time a new “OMG!! You’re in danger… must patch now!!” security issue appears (I’m expecting an escalation in these now that Windows 7 isn’t getting any more security updates to try and get more people onto Windows 10).

      But, having said all that I’ve checked Firefox, Edge and Internet Explorer on my Windows 10 Professional 1909 64bit with the January updates installed and I’m not vulnerable (I always have Macrium Reflect to save me from any Windows Update issues every month).

      P.S. where is the cute little logo for this vulnerability? Haven’t seen one yet. I’m most disappointed especially after the nice ones we had for Meltdown, Spectre and BlueKeep.

      PC1: Gigabyte B560M D2V Motherboard, Intel i5 11400 CPU, 16GB RAM, NVIDIA GeForce GTX 1650 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Professional 22H2 64bit.
      PC2: Asus H81M-PLUS Motherboard, Intel i3-4160 CPU, 16GB RAM, NVIDIA GeForce GTX 1050 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Home 22H2 64bit.

      • #2087199

        > MS apparently also want this situation to continue indefinitely because, as I’ve said in the past, it enables them to keep a ‘leash’ on peoples’ computers with the never ending updates.

        Microsoft already has a ‘leash’ on people’s computers running licensed copies of Windows, because only Microsoft owns Windows.  Read your EULA for the license terms to which we all agreed by running Windows.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

    • #2086441

      Edge gives the Smart Screen to the SANS test (1809 last patched December 31, 2019) BUT on the https://chainoffools.kudelskisecurity.com/ test it is VULNERABLE.

      Vivaldi was vulnerable to SANS test when I first started it today. The strange thing about Vivaldi is that it is set to auto update (whether running or not) and it has not wanted to update in the past few days (last update was Jan 13). So, I clicked on Check for Updates and I was offered an update! I was surprised as it should have already updated. I updated it to 2.10.1745.27, retested, and it is no longer vulnerable to the SANS test. It is also not vulnerable to https://chainoffools.kudelskisecurity.com/ test.

      My default browser is Basilisk and 90% of the time I am on it so I am waiting to update Windows 10 until Pausing stops on Feb 4.

    • #2086443

      Just for Fun.

      Windows 7 Ultimate SP1 (No updates in over 7 months and only single updates then)

      Chain of Fools Link testcve.kudelskisecurity.com/

      SlimJet 25.05  – Error Privacy Error NET::ERR_CERT_INVALID

      reloading page brings up same message

      Ie 8 will not load page (blank)

      Firefox 56 – Secure Connection Failed

      An error occurred during a connection to chainoffools.kudelskisecurity.com. security library: improperly formatted DER-encoded message. Error code: SEC_ERROR_BAD_DER

      Other Link  curveballtest.com/index.html

      Slimjet Green

      Ie8 No result

      Firefox Green

      ————————————————————————————————————-

      Second Computer  Vista Business Sp2

      ie 7 Curveball Green

      Kudelski Two upper links come up with Can not Display page

      Clicking yellow button does nothing

      Firefox 52.9 ESR

      Curveball Green

      Kudelski Sec_Error_bad_Der

      SlimJet 10

      CurveBall  Green

      Kudelski  Net:Err_cert_invalid

       

      non Windows Laptop Chromebook Using Built in chrome (Chrome OS 76)

      Curveball Green

      Kudelski  Net:err_Cert_authority_invalid

      I know these are all not vulnerable (only 10 is), but it was interesting to see the results and the error types for Kudelski. I will test my test 10 (only used for testing) and see its results.

      • #2086660

        Chrome threw your response in the spam bucket for a suspicious link.


        Don't take yourself so seriously, no one else does 🙂
        All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

    • #2086478

      > Installed the 2020-01 Cumulative Update and now Bitdefender will not allow me to open the test site.

      Hmmm..I did NOT patch and yesterday BD allowed me to get to the “you are Vulnerable” page. Today BD stopped me…

      ?

    • #2086479

      I’m gonna say “no” to the question in the title:

      Waterfox Classic 2020.01  Not vulnerable

      Firefox 72.0.1  Not vulnerable

      Vivaldi 2.10.1745.26  Not vulnerable

      Opera 2.10.1745.26 Not vulnerable

      Chromium 81.0.4021.2 Not vulnerable

      (On Linux; Windows may differ).

      Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
      XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon
      Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11 for maintenance)

      • #2086482

        All on Linux? You don’t use Windows.

        Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

        • #2086488

          Yes, I meant that a bit tongue in cheek, but I edited to make it clearer.

          Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
          XPG Xenia 15, i7-9750H/16GB & GTX1660ti, KDE Neon
          Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11 for maintenance)

      • #2086504

        Basilisk 2020.01.12 (64-bit) not vulnerable.

    • #2086490

      I already patched, but I was curious and tried to visit the test page. Firefox 72.0.1 wouldn’t load the page (“certificate error”), and one second later Windows Defender popped up a warning that the network connection was blocked.

      Windows 10 Home 64-bit

    • #2086494

      > Only 10 is vulnerable.

      ….and the test page is not for use by firefox according to Bojan on sans page…..

    • #2086496

      Not for use w/ firefox………

      https://isc.sans.edu/index_cached.html


    • #2086520

      Now blocked by Malwarebytes Premium.

    • #2086521

      https://curveballtest.com/index.html

      Patched Chrome 79.0.3945.130 (Official Build) (64-bit) says, “Not Vulnerable.” But it sure thrashed my drive for 8 minutes while it updated!  After TWO instances of Software Tattle Tale (reporter) going for that long you’d think it had done something…BTW every time I open Chrome lately software_reporter_tool (fool?).exe goes nuts for about 5-8 minutes. (No wonder I don’t use it any more. Maybe it’s hysterical that it HASN’T been used!)

      Chrome is my backup browser; changed to Firefox months ago, fairly happy I did. Lotsa privacy switches to play with!

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
      --
      "Windows Update? Bah! I could carve a better ecosystem out of a banana!" -Jamrach Holobom

    • #2086658

      Well… Looks like SmartScreen in Chromium Edge blocked the test site. Somebody caught up with it. So…

    • #2086820

      Using the Media Creation Tool, I made the jump from Windows 7 Pro 64 bit to Windows 10 Pro 64 bit 1909 last month. I was very nervous, but to my relief, the process went smoothly with all my files and HP printer transferring over.

      When I had Windows 7, I always waited for the DEFCON Level to change before I patched. However, with the “Chain of Fools” issue, I was concerned so I ran the SANS test and it showed “You are Vulnerable”. I updated Google Chrome, and decided to go ahead with the patching. After KB4528760 was installed, I ran the test again, and it was OK.

      Now, I’m being asked to install KB4528760 again. My setting is at “We’ll ask you to download updates…” Should I hold off?

      • #2086827

        If you have already installed the CU KB4528760 once, go ahead and let it install again. It will show as having installed twice in the Update History.
        I think that has to do with the fact that the SSU KB4528759 is bundled with the CU, even if it does not show in the WU listing. When it installs it presents itself as the SSU. After the install, I think you will find only one KB4528760 in the Installed Updates (not History) along with the SSU that wasn’t listed.

    • #2086828

      Normally the SSU (by KB#) shows up in Control Panel>Programs and Features> View Installed Updates, at least that’s where mine have shown up.

      Don't take yourself so seriously, no one else does 🙂
      All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

    • #2086859

      I cannot check my computer thru the SANS link because when I do the red message comes up saying the website is unsafe. Against my better judgement, I resumed my updates and successfully installed KB4532938, KB4528760, and KB890830.

      Windows 10 Home 1903 version 18362.592

      Is there any way to verify if I am vulnerable to CVE-2020-0601?

    • #2086876

      I cannot check my computer thru the SANS link because when I do the red message comes up saying the website is unsafe. Against my better judgement, I resumed my updates and successfully installed KB4532938, KB4528760, and KB890830.

      Windows 10 Home 1903 version 18362.592

      Is there any way to verify if I am vulnerable to CVE-2020-0601?

      If you are using Firefox browser, you are not.

      1 user thanked author for this post.
      • #2086880

        I am using as a browser Microsoft Edge.

        • #2086937

          As you’ve updated to Build 18362.592, I don’t think you need to verify that you’re no longer vulnerable. But if you really want to, you can click on “More information” on that red message, then “Continue to the unsafe site (not recommended)” (assuming it’s the standard Microsoft Defender SmartScreen message). I’ve done this quite a few times now on that SANS site, and there’s nothing unsafe about it (but perhaps Microsoft want to demonstrate that their SmartScreen is protecting us all as if it was a real site with an attack for this new vulnerability).

          Windows 11 Pro version 22H2 build 22621.2361 + Microsoft 365 + Edge

          1 user thanked author for this post.
    • #2087043

      I’ve updated my Windows 10 to 18362.592 and Chrome to 79.0.3945.130. BitDefender Total Security is also fully up to date. I’ve cleared the Chrome cache. I am still seeing “You are vulnerable” from the SANS test. Where to go from here?

    • #2087145

      Has anyone else gotten a warning screen about it being a “Malicious Site” when they clicked on the “SANS Test” link posted on Woody’s home page? Norton warned me to leave the site immediately with a big red screen. I’m using Windows 10 Edge browser. I’ve attached a png of the link I clicked on. Always try to be careful, but I consider AskWoody to be very safe, so it concerned me. Thanks!

    • #2087178

      Firefox is my browser of choice, and not vulnerable.  In order to check my fully updated Windows 10 Pro 1909 I tried the link in the blog post with Edge, but Malwarebytes Pro blocked the site.

      After adding the site to Malwarebytes’ white list, it opened in Edge, and I’m not vulnerable.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

      • This reply was modified 3 years, 8 months ago by bbearren.
    • #2087233

      I ran the test on my Windows 10 Pro version 1809 using Firefox version 68.4.1 ESR and got the “You Are Vulnerable”. Malwarebytes Premium blocked the test so I had to add an exception. Installed the update for the fix. I will soon do the update to 1903, just not crazy about MS’s bi-annual feature updates.

    • #2087268

      Ran the vulnerability test on Win8.1 Pro x64 and FF ESR 68.4.1:
      (with January 2020 patch SMQR KB4534297 applied)
      ‘not vulnerable’

      No problem can be solved from the same level of consciousness that created IT- AE
    • #2088417

      I previously posted #2087043 and reported that my fully patched Windows 10 1903/Chrome gave “You are vulnerable”. I have now resolved this as a Bitdefender artefact. I had previously skipped the BD warning page in order to see how the underlying browser/OS behaved.

      Unfortunately, this was a rather naive approach. It seems that the effect of saying “show me the page anyway” is to place in the SSL cache an entry for the offending site backed by a BD-supplied certificate rather than the hacked one. Chrome 79 doesn’t seem to offer an obvious way of clearing the cache, but Control Panel/Internet Options did the trick.

      1 user thanked author for this post.
      • #2110496

        I also previously posted #2086932 and #2087398 and this explains the “You Are Vulnerable” warning that I was getting from the site even though I was both using Firefox and had my system patched. I’m also using Bitdefender, so it looks like this is the explanation I was looking for. This was driving me a little crazy, so thanks for the above post.
