• Is your system susceptible to a ChainOfFools/CurveBall CVE-2020-0601 attack?

    Home » Forums » Newsletter and Homepage topics » Is your system susceptible to a ChainOfFools/CurveBall CVE-2020-0601 attack?

    Author
    Topic
    #2086216

    There’s a simple SANS test to see if your particular browser, running on your particular machine, is susceptible. That doesn’t cover all possibilities
    [See the full post at: Is your system susceptible to a ChainOfFools/CurveBall CVE-2020-0601 attack?]

    6 users thanked author for this post.
    Viewing 49 reply threads
    Author
    Replies
    • #2086221

      Legacy Opera 12.18 is semi-vulnerable

      if you rejected the certificate, then all is good
      if you accept it, you are hooked

      the warning is fair 🙂

      3 users thanked author for this post.
    • #2086243

      Looks like another good reason to use Firefox. :thumbup:

    • #2086244

      I’m running Firefox on Win 7 and never use IE. However some programs default to IE and it will open- when it does I immediately close it. It makes one consider testing IE on the site but…since my IE almost never gets past the homepage/splashscreen I prefer to wait until the defcon changes before worrying about it.

      -firemind

      • #2086293

        I just tested IE 11 on Windows 7, patched through November 2019, on the test page site and got a “NOT Vulnerable” result.

        Win 7 Pro, 64-Bit, Group B ESU,Ivy Bridge i3-3110M, 2.4GHz, 4GB, XP Mode VM, WordPerfect
    • #2086246

      “My recommendation is that you install the January Patch Tuesday patches immediately only if you get a “You Are Vulnerable” response from the SANS test page. If you’re all clear, meh, stay out of the unpaid beta-testing pit and hold off on installing the January patches until we have a clearer picture of potential collateral damage.”

      This is good advice, however pretty much every enterprise organization is still using IE as default browser and Google Chrome does NOT update automatically all the time, putting countless of those users at risk too.  So pretty much everyone is vulnerable that is not a savvy-tech consumer reading this.

    • #2086250

      I am seeing the message that “You Are Vulnerable” in SeaMonkey, Firefox and IE. Running Windows 10.

      3 users thanked author for this post.
      • #2086381

        But not in Firefox, right?

        Firefox uses a different cert validation technique. As I understand it.

        • #2086932

          I get a “You Are Vulnerable” warning even though I’m using Firefox. I thought the vulnerability wasn’t supposed to apply to that browser. It even says that on the warning page the site gives me. Does the site happen to throw incorrect warnings if you actually do test it with Firefox or something? I’m not quite sure what gives here. And a warning to others who may get this too: you antivirus may block the site. But don’t get too worried though, that’s what its supposed to do. It’s just a sign your AV is doing its job, nothings wrong with the page.

          • #2087179

            Is your Firefox installation up to date running Version 72.0.1?  I am, and I’m not vulnerable.  I have Firefox set to allow updates automatically.

            Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
            We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

            1 user thanked author for this post.
            • #2087398

              Yes, its fully up to date with version 72.0.1. I constantly make sure its up to date. I’m considering updating Windows 10 in the near future but I’m hesitant to do so for all the obvious reasons. I’m no where near joining the Chicken Little crowd just yet, but Woody did say he thought people should patch if they got the “you are vulnerable” warning. I use Firefox for all my browsing and as far as i can tell its not supposed to be a target for this exploit, but I’m fully aware the vulnerability still exists on my machine until it gets patched. Also, as far as I can tell on the malware front everything that’s out there is proof of concept stuff and even the people hard at work trying to make this stuff work for them still have a bunch off hoops to jump through having to get their target to have a good certificate cached before they can do anything. I’m just going to keep being cautious with my web browsing ect. and stay tuned to see if there are any new developments before I decide to take the plunge and patch.

              1 user thanked author for this post.
    • #2086254

      I mainly use Firefox, but occasionally use Brave. Firefox, as noted indicated my system was not vulnerable when going to the SANS test page, but Brave indicated it was vulnerable.

      I decided to apply the patch updates (after a full image backup). After doing so, and rebooting. Brave still indicated my system was vulnerable. Edge, however, said the system is safe.

      I checked the version of Brave I am using and it is Version 1.2.42 Chromium: 79.0.3945.117 (Official Build) (64-bit) and is noted as the latest version. Any thoughts on why Brave continues to indicate vulnerability?

      • #2086269

        >I decided to apply the patch updates (after a full image backup). After doing so, and rebooting. Brave still indicated my system was vulnerable
        Try clearing the site cache. That ought to do the trick.

        4 users thanked author for this post.
        • #2086401

          Thanks! I updated a non-related software program that required another reboot prior to reading this. After checking again, Brave no longer indicates that I am vulnerable.

          I’m sure that following your suggestion would have fixed it immediately.

          1 user thanked author for this post.
    • #2086258

      Just updated Chrome this morning and “test page” states “You are vulnerable”

      Google Chrome is up to date
      Version 79.0.3945.130 (Official Build) (64-bit)
      Win 10 1903 w/December updates installed
      2 users thanked author for this post.
      • #2086277

        That’s interesting, since I have the same Chrome version and I got “You are not vulnerable” on the test.

        Don't take yourself so seriously, no one else does 🙂
        All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

        1 user thanked author for this post.
      • #2086281

        Agreed @G. Patched chrome fails for me too! (Windows not patched 18363.535 (1909))
        (Firefox and Bluemoon are OK, But latest patched Vivaldi is susceptible.)

        Dell Inspiron 7580 i7 16GB Win 10 pro 22H2 (19045.3930), Microsoft 365 Version 2401 (17231.20182) Location: UK

        • This reply was modified 4 years, 1 month ago by John. Reason: Added O/S
        1 user thanked author for this post.
    • #2086270

      Windows 10 Pro at v1903 current through December updates. I tested Firefox and get Not Vulnerable. I then tested Chrome and get You Are Vulnerable.

      Installed the 2020-01 Cumulative Update KB4528760 and still get You Are Vulnerable. Updated Chrome to Version 79.0.3945.130 and still get it.

      I don’t know if this means that KB4528760 doesn’t fix the exploit or that the test at https://curveballtest.com/index.html doesn’t really test for the exploit.

      Dave

      1 user thanked author for this post.
    • #2086279

      Installed the 2020-01 Cumulative Update and now Bitdefender will not allow me to open the test site.

    • #2086280

      I think the test page looks pretty iffy. I show OK using chrome with a patched system but looking at the other comments makes me wonder how reliable this test is.

      Whats the big deal with installing the update? Its been 3 days since Patch Tuesday and i have not seen any problems reported. Usually by now especially on Ask Woody you would see all kinds of problems Posters are having.

       

      Barry
      Windows 11 v22H2

      1 user thanked author for this post.
      • #2086382

        Good point. It has been three days, and other than installation headaches, I haven’t seen any big bugs either.

        Let’s see how the weekend goes.

    • #2086292

      I’m running into some odd behavior.  I’ve patched several test machines and then loaded the curveball test page.  On all but one, the test now shows not vulnerable with both Vivaldi and Chrome.

      On one system, though, it shows vulnerable with Vivaldi, but not with Chrome.  All systems have the latest Vivaldi version and are running the same security software.  On the problem system, the January update shows as installed, and the crypt32.dll file shows a new timestamp.  Don’t know why Vivaldi would be showing vulnerable on this one system.

      1 user thanked author for this post.
    • #2086295

      This morning my Chrome (80…) beta was vulnerable, now, Chrome Version 80.0.3987.53 (Official Build) beta (64-bit), is not.
      This SANS test of the browsers has nothing to do with patched or non-patched Windows 10 as it doesn’t check the for Jan. 2020 patches/Crypt.api. Patching with Jan. patch Tuesday won’t help your vulnerable browser to turn immune.

      • This reply was modified 4 years, 1 month ago by Alex5723.
      • This reply was modified 4 years, 1 month ago by Alex5723.
      1 user thanked author for this post.
      • #2086307

        There doesn’t seem to be a common denominator for pass/fail from the posts I’ve read here.

        I do not assume all testing sites are the same, so checking on several sites might be helpful.

        Please post the URL where your test was done.

        http://testcve.kudelskisecurity.com/

        • If you see “Hello World” on the next screen, you’re vulnerable to CVE-2020-0601
        • If you get a certificate error, you’re safe!

        I just tested at that site, all clear for me.

        cbtest

        Windows10 Home 1909  FF 69.0.3

        No 1-14-2020 updates

        • This reply was modified 4 years, 1 month ago by Bluetrix. Reason: add png
        • This reply was modified 4 years, 1 month ago by Bluetrix.
        1 user thanked author for this post.
        • #2086313

          Testing my Chrome beta on http://testcve.kudelskisecurity.com/. Got :

          1 user thanked author for this post.
        • #2086387

          I also tested on your link with 1809 Pro and Chrome 79. Got the invalid cert. Only Dec patches no Jan patches.

          Don't take yourself so seriously, no one else does 🙂
          All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

          1 user thanked author for this post.
        • #2087183

          Firefox (my browser of choice) won’t go there.

          Connection-Failed

          Using Edge in 1909 (OS Build 1863.592) fully updated, it won’t go there, either.

          Not-Secure

          Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
          We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

      • #2086403

        This SANS test of the browsers has nothing to do with patched or non-patched Windows 10 as it doesn’t check the for Jan. 2020 patches/Crypt.api. Patching with Jan. patch Tuesday won’t help your vulnerable browser to turn immune.

        That is NOT true.

        • This reply was modified 4 years, 1 month ago by b.
        2 users thanked author for this post.
    • #2086301

      I cleared the Chrome cache after installing the January patch and now get Not Vulnerable. I should have thought of that before…

       

      Dave

      3 users thanked author for this post.
    • #2086304

      I tried the test in IE11 and it showed Not Vulnerable but I also got a popup from AVG Free.

      test

      Edition Windows 11 Pro
      Version 23H2
      Installed on ‎10/‎19/‎2022
      OS build 22631.3085

      1 user thanked author for this post.
    • #2086309

      I’m running Win10 Pro v1903, build 18362.535 and my Chrome default browser (which updated early this morning to v79.0.3945.130) shows as “Not Vulnerable.” I had not previously run the test.
      This result was generated about 5 minutes ago. I did not have to clear the browser cache.
      I’m using MBAM 4.04 Premium and Windows Security/Defender.

      [self-edited for clarity and a typo]

      Windows 10 Pro x64 v1909 Desktop PC

      • This reply was modified 4 years, 1 month ago by Grond.
      • This reply was modified 4 years, 1 month ago by Grond.
      1 user thanked author for this post.
    • #2086321

      Windows 10 Pro at v1903 current through December updates. I tested Firefox and get Not Vulnerable. I then tested Chrome and get You Are Vulnerable.

      Installed the 2020-01 Cumulative Update KB4528760 and still get You Are Vulnerable. Updated Chrome to Version 79.0.3945.130 and still get it.

      I don’t know if this means that KB4528760 doesn’t fix the exploit or that the test at https://curveballtest.com/index.html doesn’t really test for the exploit.

      Dave

      Windows 10 updates have nothing to do with Browsers vulnerability.
      Your browser should update for the CVE-2020-0601.

      • #2086325

        Windows 10 updates have nothing to do with Browsers vulnerability.
        Your browser should update for the CVE-2020-0601.

        That’s just not true in this case. Most browsers (Firefox excepted) use Windows’ CryptoAPI (crypt32.dll) to inspect certificates.

        3 users thanked author for this post.
    • #2086330

      Windows 10 updates have nothing to do with Browsers vulnerability.
      Your browser should update for the CVE-2020-0601.

      That’s just not true in this case. Most browsers (Firefox excepted) use Windows’ CryptoAPI (crypt32.dll) to inspect certificates.

      My Chrome in not vulnerable after today’s version update while my Windows 10 1903 was not updated with Jan. patch Tuesday yet.
      Look at Mark’s post, below.

    • #2086332

      Running Win 7 Enterprise at work, patched to the most recent.  Google Chrome Version 78.0.3904.87 (Official Build) (64-bit), Firefox Version 72.0.1 (64-bit), and IE 11 Version 11.0.9600.19540, all give the “You Are Vulnerable” message.

      Windows 10 Pro x64 v1909, Windows 7 Home Premium x64, Windows Vista Home Premium x64
    • #2086333

      Didn’t think of clearing Chrome cache either so thought I would do a before and after test/re-check…

      The before test now gives the all clear?? (previously vulnerable with latest Chrome update)

      Double checked and ‘clear browser’ is NOT automatic.  I did a restart of Chrome after the initial update earlier this morning and still received the “You are Vulnerable” alert. The laptop was in sleep mode while doing an errand; no laptop restart.

      https://curveballtest.com/index.html

      Summary:  All is good but don’t know how/why.

    • #2086339

      It seems like every time there is an unusual attack method there is a lot of noise saying ‘update now or die a horrible death’. But the fearmongers are ignoring how likely one is to be vulnerable to the attack in the real world not in some carefully crafted lab exercise. It is truly rare that one must patch immediately upon release updates. In those truly rare cases were one might be vulnerable, a little bit of caution is often adequate for the near term until the patch stability is ascertained.

      2 users thanked author for this post.
    • #2086341

      Those Web browser tests are utterly useless. If you’re running any Windows 10 version (includes related 2016/2019 server builds) and haven’t patched your system, you’re vulnerable. It’s that simple and time to patch. Don’t get fooled by such-know-it-alls; and there are a lot of these out there these days.

      1 user thanked author for this post.
    • #2086349

      Windows 10 Home 1809 with December 2019 updates installed. I tested Firefox 72.0.1 (64 bit) and got the “You Are Vulnerable” message on the SANS test page.

      I’m kinda perplexed: aren’t all Windows 10 versions without the January updates supposed vulnerable? Or does it also depend on the browser? Firefox is stated to be “not vulnerable”, but then why did I get the “You Are Vulnerable message” on the test page?

      Given woody’s advice to install the January patches if getting the “You Are Vulnerable” message, I gritted my teeth and let those patches through. Accessing the SANS test page again after completing installation of the patches now gives me a “You Are Not Vulnerable” message.

      1 user thanked author for this post.
    • #2086355

      Tested on my WIndows 7 machine, the screen message was GREEN instead of RED in the Box noted above and my Norton told me not to go to the website and told me go back to my Homepage, this was for IE 11, yes I know, should not use IE 11. Just testing 🙂

      Win 10 Home 22H2

    • #2086357

      FAQ added by Microsoft yesterday:

      Are versions older than Windows 10 versions affected by this vulnerability?

      No, only Windows 10 versions of the OS are affected. In the initial release of Windows 10 (Build 1507, TH1), Microsoft added support for ECC parameters configuring ECC curves. Prior to this, Windows only supported named ECC curves. The code which added support for ECC parameters also resulted in the certificate validation vulnerability. It was not a regression, and versions of Windows which don’t support ECC parameters configuring ECC curves (Server, 2008, Windows 7, Windows 8.1 and servers) were not affected.

      CVE-2020-0601 | Windows CryptoAPI Spoofing Vulnerability

      (But Windows Server 2016 and Windows Server 2019 are affected, along with Windows 10 systems.)

      5 users thanked author for this post.
    • #2086359

      Running new Edge stable channel on Windows 10 1909, the link Woody posted was blocked by Microsoft Smart Screen.

      2 users thanked author for this post.
    • #2086361

      When I click on the SANS test that Woody posted, I received a bright red message that this website has been reported unsafe by Microsoft. Any thoughts?

    • #2086366

      Have not tested my WIN 10 machine yet and will probably patch over the weekend.

      I am running version 1909.

      Windows 7 machine is reportedly not effected and will patch when Defcon is reached.

      Win 10 Home 22H2

      • #2086383

        Only 10 is vulnerable.

        Susan Bradley Patch Lady/Prudent patcher

        2 users thanked author for this post.
        • #2086405

          Susan: “Only 10 is vulnerable.

          Even so, the Crypto dll has been in all Windows versions since the early 2000’s. The current version of malware targets the one in Windows 10, but now that Win 7 joins the ranks of the “unsupported”, it might become a tempting target, because it still has and will continue to have many millions of users more than macOS or Linux. And those same crooked developers that created the version that attacks Win 10 could turn their hands to something equally nasty for Win 7 and, if they enjoyed doing this enough, also for earlier versions still being used by many, such as XP or Vista.

          In any case, browsing while running an old, unsupported OS is not a great idea. But those for whom that is not a sufficient deterrent, at least making sure to keep the browsers updated to their latest versions could improve their rate of survival as owners of un-hijacked PCs and other inconveniences.

          Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

          • #2086409

            Please see Microsoft’s explanation here for why only Windows 10 is affected.

            Crooked developers have not yet created any related malware that attacks Win 10.

            3 users thanked author for this post.
            • #2086411

              Thanks for correcting that mistake. I should have wrote “that might still create…”

              Do you ever take a holiday? Just curious.

              Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

              MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
              Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
              macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2086396

      It will be helpful if those posting here about the results of their “vulnerability” tests and other CVE-2020-0601 related experiences actually identify the version of Windows they are running: Windows Vista?, Windows 7? Windows 8? Windows 8.1?, Windows 10 (+ version No.)?

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #2086406

        Only 10 is relevant.

        • #2086408

          My point, precisely

          Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2086413

      My Win 7 x64 SP1 gets “Not vulnerable” on both IE 11 and Chrome.

      Dave

    • #2086423

      It seems like every time there is an unusual attack method there is a lot of noise saying ‘update now or die a horrible death’. But the fearmongers are ignoring how likely one is to be vulnerable to the attack in the real world not in some carefully crafted lab exercise. It is truly rare that one must patch immediately upon release updates. In those truly rare cases were one might be vulnerable, a little bit of caution is often adequate for the near term until the patch stability is ascertained.

      Exactly.

      Weren’t we all supposed to die a “horrible death” if we didn’t patch 2 years ago when there was a lot of noise (mostly static, it seems) about Meltdown and Spectre?

      Still waiting for reports of these being exploited in the wild. Same for the majority of these “security issues” being reported and patched every month.

      As I’ve said before – security has become a multi million dollar business these days. Security researchers are seemingly falling over themselves trying to find every little security issue in Windows (and other software, of course) so they can be the first to announce “Oooh… look what we’ve found, aren’t we clever?” And, most importantly, they get paid big dollars for finding all these “flaws”.

      MS apparently also want this situation to continue indefinitely because, as I’ve said in the past, it enables them to keep a ‘leash’ on peoples’ computers with the never ending updates.

      I always think of Canadian Tech with his 130 Windows 7 client computers which haven’t had a single Windows Update installed since May 2017 (and haven’t had any security issues) every time a new “OMG!! You’re in danger… must patch now!!” security issue appears (I’m expecting an escalation in these now that Windows 7 isn’t getting any more security updates to try and get more people onto Windows 10).

      But, having said all that I’ve checked Firefox, Edge and Internet Explorer on my Windows 10 Professional 1909 64bit with the January updates installed and I’m not vulnerable (I always have Macrium Reflect to save me from any Windows Update issues every month).

      P.S. where is the cute little logo for this vulnerability? Haven’t seen one yet. I’m most disappointed especially after the nice ones we had for Meltdown, Spectre and BlueKeep.

      Gigabyte B560M D2V Motherboard, Intel i5 11400 CPU, 16GB RAM, NVIDIA GeForce GTX 1650 Graphics Card, 1x Samsung 870 EVO 250GB SSD, 1x Samsung 860 EVO 250GB SSD, Windows 10 Professional 22H2 64bit.

      1 user thanked author for this post.
      • #2087199

        MS apparently also want this situation to continue indefinitely because, as I’ve said in the past, it enables them to keep a ‘leash’ on peoples’ computers with the never ending updates.

        Microsoft already has a ‘leash’ on peoples’s computers running licensed copies of Windows, because only Microsoft owns Windows.  Read your EULA for the license terms to which we all agreed by running Windows.

        Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
        We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

    • #2086441

      Edge gives the Smart Screen to the SANS test (1809 last patched December 31, 2019) BUT on the https://chainoffools.kudelskisecurity.com/ test it is VULNERABLE.

      Vivaldi was vulnerable to SANS test when I first started it today. The strange thing about Vivaldi is that it is set to auto update (whether running or not) and it has not wanted to update in the past few days (last update was Jan 13). So, I clicked on Check for Updates and I was offered an update! I was surprised as it should have already updated. I updated it to 2.10.1745.27, retested, and it is no longer vulnerable to the SANS test. It is also not vulnerable to https://chainoffools.kudelskisecurity.com/ test.

      My default browser is Basilisk and 90% of the time I am on it so I am waiting to update Windows 10 until Pausing stops on Feb 4.

      1 user thanked author for this post.
    • #2086443

      Just for Fun.

      Windows 7 Ultimate  Sp1 ( No updated in over 7 months and only single updates then)

      Chain of Fools Link testcve.kudelskisecurity.com/

      SlimJet 25.05  – Error Privacy Error NET::ERR_CERT_INVALID

      reloading page brings up same message

      Ie 8 will not load page (blank)

      Firefox 56 – Secure Connection Failed

      An error occurred during a connection to chainoffools.kudelskisecurity.com. security library: improperly formatted DER-encoded message. Error code: SEC_ERROR_BAD_DER

      Other Link  curveballtest.com/index.html

      Slimjet Green

      Ie8 No result

      Firefox Green

      ————————————————————————————————————-

      Second Computer  Vista Business Sp2

      ie 7 Curveball Green

      Kudelski Two upper links come up with Can not Display page

      Clicking yellow button does nothing

      Firefox 52.9 ESR

      Curveball Green

      Kudelski Sec_Error_bad_Der

      SlimJet 10

      CurveBall  Green

      Kudelski  Net:Err_cert_invalid

       

      non Windows Laptop Chromebook Using Built in chrome (Chrome OS 76)

      Curveball Green

      Kudelski  Net:err_Cert_authority_invalid

      I know these are all not Vulerable (Only 10 is) But it was interesting to see the results and the error types for Kudeliski. I will test my test 10 (only used for testing) and see its results

      • #2086660

        Chrome threw your response in the spam bucket for a suspicious link.

        AW-spam

        Don't take yourself so seriously, no one else does 🙂
        All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

    • #2086478

      Installed the 2020-01 Cumulative Update and now Bitdefender will not allow me to open the test site.

      Hmmm..I did NOT patch and yesterday BD allowed me to get to the

      “you are Vulnerable” page. Today BD stopped me…

      ?

    • #2086479

      I’m gonna say “no” to the question in the title:

      Waterfox Classic 2020.01  Not vulnerable

      Firefox 72.0.1  Not vulnerable

      Vivaldi 2.10.1745.26  Not vulnerable

      Opera 2.10.1745.26 Not vulnerable

      Chromium 81.0.4021.2 Not vulnerable

      (On Linux; Windows may differ).

      Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
      XPG Xenia 15, i7-9750H/32GB & GTX1660ti, KDE Neon
      Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11)

      • This reply was modified 4 years, 1 month ago by Ascaris.
      • #2086482

        All on Linux? You don’t use Windows.

        • #2086488

          Yes, I meant that a bit tongue in cheek, but I edited to make it clearer.

          Dell XPS 13/9310, i5-1135G7/16GB, KDE Neon
          XPG Xenia 15, i7-9750H/32GB & GTX1660ti, KDE Neon
          Acer Swift Go 14, i5-1335U/16GB, KDE Neon (and Win 11)

          1 user thanked author for this post.
          b
      • #2086504

        Basilisk 2020.01.12 (64-bit) not vulnerable.

    • #2086490

      I already patched, but I was curious and tried to visit the test page. Firefox 72.0.1 wouldn’t load the page (“certificate error”), and one second later Windows Defender popped up a warning that the network connection was blocked.

      Windows 10 Home 64-bit

    • #2086494

      Only 10 is vulnerable.

      ….and the test page is not for use by firefox according to Bojan on sans page…..

    • #2086496

      Not for use w/ firefox………

      https://isc.sans.edu/index_cached.html

      Clipboard01

    • #2086520

      Now blocked by Malwarebytes Premium.

    • #2086521

      https://curveballtest.com/index.html

      Patched Chrome 79.0.3945.130 (Official Build) (64-bit) says, “Not Vulnerable.” But it sure thrashed my drive for 8 minutes while it updated!  After TWO instances of Software Tattle Tale (reporter) going for that long you’d think it had done something…BTW every time I open Chrome lately software_reporter_tool (fool?).exe goes nuts for about 5-8 minutes. (No wonder I don’t use it any more. Maybe it’s hysterical that it HASN’T been used!)

      Chrome is my backup browser; changed to Firefox months ago, fairly happy I did. Lotsa privacy switches to play with!

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

    • #2086658

      Well… Looks like SmartScreen in Chromium Edge blocked the test site. Somebody caught up with it. So…

    • #2086820

      Using the Media Creation Tool, I made the jump from Windows 7 Pro 64 bit to Windows 10 Pro 64 bit 1909 last month. I was very nervous, but to my relief, the process went smoothly with all my files and HP printer transferring over.

      When I had Windows 7, I always waited for the DEFCON Level to change before I patched. However, with the “Chain of Fools” issue, I was concerned so I ran the SANS test and it showed “You are Vulnerable”. I updated Google Chrome, and decided to go ahead with the patching. After KB4528760 was installed, I ran the test again, and it was OK.

      Now, I’m being asked to install KB4528760 again. My setting is at “We’ll ask you to download updates…” Should I hold off?

      • #2086827

        If you have already installed the CU KB4528760 once, go ahead and let it install again. It will show as having installed twice in the Update History.
        I think that has to do with the fact that the SSU KB4528759 is bundled with the CU, even it does not show in the WU listing. When it installs it presents itself as the SSU. After the install, I think you will find only one KB4528760 in the Installed Updates (not History) along with the SSU that wasn’t listed.

    • #2086828

      Normally the SSU (by KB#) shows up in Control Panel>Programs and Features> View Installed Updates, at least that’s where mine have shown up.

      Don't take yourself so seriously, no one else does 🙂
      All W10 Pro at 22H2,(2 Desktops, 1 Laptop).

    • #2086859

      I cannot check my computer thru the SANS link because when I do the red message comes up saying the website is unsafe. Against my better judgement, I resumed my updates and successfully installed KB4532938, KB4528760, and KB890830.

      Windows 10 Home 1903 version 18362.592

      Is  there any way to verify if I am vulnerable to CVE-2020-0601?

    • #2086876

      I cannot check my computer thru the SANS link because when I do the red message comes up saying the website is unsafe. Against my better judgement, I resumed my updates and successfully installed KB4532938, KB4528760, and KB890830.

      Windows 10 Home 1903 version 18362.592

      Is  there any way to verify if I am vulnerable to CVE-2020-0601?

      If you are using Firefox browser, you are not.

      1 user thanked author for this post.
      • #2086880

        I am using as a browser Microsoft Edge.

        • #2086937

          As you’ve updated to Build 18362.592, I don’t think you need to verify that you’re no longer vulnerable. But if you really want to, you can click on “More information” on that red message, then “Continue to the unsafe site (not recommended)” (assuming it’s the standard Microsoft Defender SmartScreen message). I’ve done this quite a few times now on that SANS site, and there’s nothing unsafe about it (but perhaps Microsoft want to demonstrate that their SmartScreen is protecting us all as if it was a real site with an attack for this new vulnerability).

          1 user thanked author for this post.
    • #2087043

      I’ve updated my Windows 10 to 18362.592 and Chrome to 79.0.3945.130.   BitDefender Total Security is also fully up to date.   I’ve cleared the Chrome cache.  I am still seeing “You are vulnerable” from the SANS test.  Where to go from here?

    • #2087145

      Has anyone else gotten a warning screen about it being a “Malicious Site” when they clicked on the “SANS Test” link posted on Woody’  home page?  Norton warned me to leave the site immediately with a big red screen.  I’m using Windows 10 Edge browser.  I’ve attached a png of the link I clicked on.  Always try to be careful, but I consider AskWoody to be very safe, so it concerned me.  Thanks! SANS-Test-Link

    • #2087178

      Firefox is my browser of choice, and not vulnerable.  In order to check my fully updated Windows 10 Pro 1909 I tried the link in the blog post with Edge, but Malwarebytes Pro blocked the site.

      After adding the site to Malwarebytes’ white list, it opened in Edge, and I’m not vulnerable.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We were all once "Average Users". We all have our own reasons for doing the things that we do with our systems, we don't need anyone's approval, and we don't all have to do the same things.

      • This reply was modified 4 years, 1 month ago by bbearren.
    • #2087233

      I ran the test on my windows 10 Pro version 1809 using Firefox version 68.4.1 ESR and got the “You Are Vulnerable”. Malwarebytes Premium blocked the test so I had to add an exception. Installed the update for the fix. I will soon do the update to 1903, just not crazy about MS’s bi-annual feature updates.

    • #2087268

      Ran the vulnerability test on Win8.1 Pro x64 and FF ESR 68.4.1:
      (with January 2020 patch SMQR KB4534297 applied)
      ‘not vulnerable’

      Win8.1/R2 Hybrid lives on...
    • #2088417

      I previously posted #2087043 and reported that my fully patched Windows 10 1903/Chrome gave “You are vulnerable”.  I have now resolved this as a Bitdefender artefact.  I had previously skipped the BD warning page in order to see how the underlying browser/OS behaved.

      Unfortunately, this was a rather naive approach.  It seems that the effect saying “show me the page anyway” is to place in the SSL cache an entry for the offending site backed by a BD-supplied certificate rather than the hacked one.   Chrome 79 doesn’t seem to offer an obvious way of clearing the cache, but  Control Panel/Internet Options did the trick.

      1 user thanked author for this post.
      • #2110496

        I also previously posted  #2086932 and #2087398 and this explains the “You Are Vulnerable” warning that I was getting from the site even though I was both using Firefox and had my system patched. I’m also using Bitdefender, so it looks like this is the explanation I was looking for. This was driving me a little crazy, so thanks for the above post.

    Viewing 49 reply threads
    Reply To: Is your system susceptible to a ChainOfFools/CurveBall CVE-2020-0601 attack?

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: