How CVE-2020-0601 the Chain of Fools / Curveball / NSACrypt Attack Affects You

by Sage Driskell

CVE-2020-0601 was announced to the public on January 14, 2020, as a warning about the Cryptographic API in Windows 10 and Server 2019 (there are rumors of Server 2016, but we have not explicitly verified this) and with a patch to resolve the issue on affected machines. As of reporting, there were no known attacks using this attack vector in the wild. Since then, the vulnerability has gotten a name (actually a few names), and some researchers have released proofs of concept.

If you want to validate a system and whether it’s susceptible or not, go to: this test.

What Is It?

CVE-2020-0601 is known by several names now. There’s Curveball and NSACrypt, as well as Chain of Fools. There are several names in circulation, but they all point to the same flaw. Let’s go over what the exploit is first.

Per Microsoft:

A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates.

An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.

A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software.

The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates.

If we dig a little deeper with newer information, we find the following from cert.org:

The Microsoft Windows CryptoAPI, which is provided by Crypt32.dll, fails to validate ECC certificates in a way that properly leverages the protections that ECC cryptography should provide. As a result, an attacker may be able to craft a certificate that appears to have the ability to be traced to a trusted root certificate authority.

Any software, including third-party non-Microsoft software, that relies on the Windows CertGetCertificateChain() function to determine if an X.509 certificate can be traced to a trusted root CA may incorrectly determine the trustworthiness of a certificate chain.

Microsoft Windows versions that support certificates with ECC keys that specify parameters are affected. This includes Windows 10 as well as Windows Server 2016 and 2019. Windows 8.1 and prior, as well as the Server 2012 R2 and prior counterparts, do not support ECC keys with parameters. For this reason, such certificates that attempt to exploit this vulnerability are inherently untrusted by older Windows versions.

So, a core function in Windows 10 based OSes for determining the key of an ECC cert which has been generated can’t be trusted until this patch is applied. This does not affect older Windows OSes though.

What Is Elliptic-Curve Cryptography (ECC)?

Elliptic-Curve Cryptography (ECC), or ECC is a form of cryptography using a mathematically generated curve algorithm instead of the traditional key method. In short, we’re passing some variables to build a key to an algorithm rather than just passing a big key to do our encryption and decryption (obviously, this is a gross simplification). This means that we use less complexity for stronger encryption (theoretically).

The basis of ECC is the following equation: y² = x³ + ax + b

If we graph an arbitrary example of this, say: y² = x³ – 5x + 10, we get:

A diagram of an ECC curve for: y^2 = x^3 – 5x +10

The way the ECC algorithm works is we draw a line through parts of the curve and let it “bounce” per a known algorithm. We know it will “ricochet” a certain way and with some other conditions we can get a starting and an ending spot where it crosses the curve and bounces across. These numbers will be meaningful with a little data, but almost useless otherwise. There are a lot of equations which will get you the same algorithmic result for a few points, but if you don’t know the parameters, you don’t know the underlying pieces that make up our “key”. This means a smaller key for a harder problem for all intents and purposes.

We won’t really get any further into the math, but basically, as long as we verify all of our points and all of the variables, we’re safe.

Throwing a Curveball

The problem is, for whatever reason, Crypt32.dll doesn’t verify this correctly on certain Windows 10 and Server 2019 builds. One theory is that it’s failing to verify the base point in the equation and is assuming everything is kosher on the math checking out otherwise. Hopefully there is a bit more to this vulnerability, but either way, arbitrary ECC certificates are vulnerable without this patch on certain versions of Windows.

The issue is we’re (almost definitely) doing the math correctly, just Microsoft has decided to take a few shortcuts which compromise the validation of arbitrary ECC algorithms. See the following for a PoC.

How Bad Is It?

It’s a bit scary that something this fundamental is broken on modern Windows, but there’s some good news, it’s really not that bad with a little common sense. You won’t see this issue with Firefox since it doesn’t rely on Cryp32.dll, and other browsers like Chrome have issued patches. Most AV solutions already block the generated certificates, including Windows Defender. A good firewall which inspects SSL certificates can block this as well. Ultimately, this threat has been blocked by most end-user products, the OS, and even theoretically at the network level (transport level in TCP/IP for those of you getting your certs). This also does not impact Windows Update as those are signed using RSA.

The threat has been sold as a huge deal, and it is when used. Fortunately, the attack is non-trivial (at the time of writing) so it requires a significant degree of effort to execute, plus there is requisite setup to pull off the attack. It’s a big deal, but so is a car crash. Drive safely and you probably won’t have an issue and you prevent what you can. At present, this threat is an implementation exploit and not a cryptographic exploit.

CVE-2020-0601: Reacting to the Threat

If you have an advanced firewall which can inspect certificate chains, apply those settings if possible (some apps require certs which are superficially suspicious looking) to stop all of the man-in-the-middle attacks related to this on the internet. Your AV should update itself to stop the other attacks in most scenarios, and if not, be sure to apply the patch for this vulnerability.

This is a good time to apply more secure firewall policies at a site and agent level if possible. This is a vulnerability with the specific implementation of the cryptography and not the math behind it. As long as the cryptography itself is sound, you are too as long as you can prevent the specific implementations from being vulnerable. When you throw on an advanced firewall setting to check this, you add a different way of interpreting the math into the equation and effectively check twice using the same thing implemented differently.

If this had affected Windows 7 or Server 2008 (R2), what would happen? There’s no support and this exploit (despite being relatively harmless with some preparation) would be a much bigger deal for a company and for administrators. Windows 10 has active support, but what if your AV vendor stopped caring as well as the primary OS vendor? This is a great chance to spearhead a forced move away from legacy OSes where possible.

Microsoft re-released its Windows 10 October 2018 Update yesterday, following the company pulling it offline due to data deletion issues over the weekend.

Partner of The 20, and CEO of Cole Informatics, LLC out of Parsons, Tennessee, Terry Cole, made note of these issues on his late last week.

The software giant says there were only a few reports of data loss, at a rate of one one-hundredth of one percent. “We have fully investigated all reports of data loss, identified and fixed all known issues in the update, and conducted internal validation,” says Microsoft’s John Cable, Director of Program Management for Windows Servicing and Delivery.

Microsoft is now re-releasing the Windows 10 October 2018 Update to Windows Insiders, before rolling it out more broadly to consumers. “We will carefully study the results, feedback, and diagnostic data from our Insiders before taking additional steps towards re-releasing more broadly,” explains Cable.

It appears the bug that caused file deletion was related to Windows 10 users who had enabled Known Folder Redirection to redirect folders like desktop, documents, pictures, and screenshots from the default location. Microsoft introduced code in its latest update to delete the empty and duplicate known folders, but it appears they weren’t always empty. Microsoft has developed fixes to address a variety of problems related to these folder moves, and these fixes are now being tested with Windows Insiders.

Speaking of Windows Insiders, Microsoft’s testing community did flag some of these issues ahead of the release. Microsoft appears to acknowledge this as the company is making some changes to the feedback tool for Windows 10 to ensure testers can flag the severity of bug reports. “We have added an ability for users to also provide an indication of impact and severity when filing User Initiated Feedback,” explains Cable. “We expect this will allow us to better monitor the most impactful issues even when feedback volume is low.”

Microsoft will now monitor feedback related to this re-released build of Windows 10 October 2018 Update and will officially launch it to consumers once the company is confident “that there is no further impact” to Windows 10 users. “We are committed to learning from this experience and improving our processes and notification systems to help ensure our customers have a positive experience with our update process,” says Cable.

While we all hope this re-release is a positive one, Microsoft has certain come under fire with its frequent update process. I made note of this in a blog last month that discussed IT admins who are campaigning hard for Microsoft to slow their roll when it comes to their Windows 10 upgrade schedule.

Approximately 78% of more than 1,100 business professionals charged with servicing Windows for their firms said that Windows 10’s feature upgrades — now released twice annually — should be issued no more than once a year.

It would appear that IT administrators are campaigning hard for Microsoft to slow their roll when it comes to their Windows 10 upgrade schedule.

Approximately 78% of more than 1,100 business professionals charged with servicing Windows for their firms said that Windows 10’s feature upgrades — now released twice annually — should be issued no more than once a year. The 78% was split almost evenly, with 39.2% arguing for one upgrade per year while 39.3% picked one every two years from a questionnaire on Windows patching, updating and upgrading.

Only 11% agreed that the current twice-a-year release is their preference, and a very small 1% wanted an even quicker tempo than that.

The questionnaire, created by Susan Bradley, who moderates the PatchManagement.org mailing list, asked administrators about whether feature upgrades are useful to their businesses and if Windows 10 has met company needs. Bradley used the responses to support her plea that Microsoft’s top executives address what she and her colleagues believe is an ongoing deterioration in the quality of Microsoft’s monthly patch updates.

But she also raised the issue of the Windows 10 feature upgrades’ release calendar. “If Microsoft is not realizing that [their] enterprise customers are having issues with the timing of the feature updates, then Microsoft is not listening to their enterprise customers.”

And questionnaire commentary by IT administrators vividly paint the frustration felt from the feature upgrades’ frequency.

“Most feature updates introduce so many bugs and problems,” said one respondent. “With the current pace of releases of new feature updates, the entire IT department is busy constantly dealing with all the problems that follow, instead of spending time on activities that actually create value for users.”

“At twice per year, you’ve barely got over one before you need to do it all again, leading to the temptation to skip every other update,” asserted another.

“This may come as a shock to Microsoft management, but our bonuses aren’t geared to the matrices that their bonuses are geared to,” said another participant. “We have better things to do with our time than run on the treadmill that is their business cycle.”

Windows 10’s upgrade tempo has gone through several iterations since mid-2015, when the OS debuted. Initially, Microsoft envisioned four upgrades annually. In 2015, it released the first upgrade, labeled 1511 using the company’s now standard yymm format, about three and a half months after the original 1507. But then Microsoft issued just one upgrade in 2016, the mid-year 1607.

Shortly after that, Microsoft announced that it was formalizing a two-times-each-year schedule, with March and September as release targets. Since then, it’s delivered 1703 (April 2017), 1709 (October 2017) and 1803 (April 2018); it appears to be on track to release 1809 next month.

To complicate matters, for a time Microsoft extended support from the usual 18 months to 24 months for Windows 10 Enterprise and Windows 10 Education. Microsoft justified the extension – which ended with version 1803 – as necessary because “some customers” asked for more time to migrate from one feature upgrade to another.

With 24 months of support, it was feasible for IT to skip one feature upgrade in any given year. But with the return of 18 months of support, it will again be tough for companies to move all PCs to a supported version before the one currently powering the machines stops receiving patches. That was one reason Gartner Research urged enterprises to pressure Microsoft into making permanent the 24-month support period.

Gartner has assumed that Microsoft will not retreat from its two-times-a-year cadence but that it will be pressured, likely by or before the end of 2020, into making the 24 months of support permanent. While that won’t change the release frequency, it will, Gartner has said, allow adopting just one upgrade each year.

We’ll see what happens.

I’ll end with what Michael Wayland, Managing Director of Byte-Werx in Houston (Elite member of The 20) told me:

With the major releases there are often several unforeseen issues that can crop up. This can cause several hours of downtime for endpoints and cost small businesses money. It’s one reason you want a managed IT department to follow the releases, the issues, and release in a methodical and planned way after lab testing. They’re also available to quickly backstop, remediate, or walk through end-users for issues that arise.