Dark Reading

Researchers Pioneer PoC Exploit for NSA-Reported Bug in Windows CryptoAPI

Researchers have developed a proof-of-concept (PoC) exploit for a public x.509 certificate-spoofing vulnerability in the Windows CryptoAPI that the NSA and the National Cyber Security Center (NCSC) ...
Bleeping Computer

Microsoft Fixes Windows CryptoAPI Spoofing Flaw Reported by NSA

Microsoft patched a spoofing vulnerability present in the Windows usermode cryptographic library, CRYPT32.DLL, on Windows 10, Windows Server 2016, and Windows Server 2019 systems. In a media call with ...
HotHardware

An Old NSA-Found Security Threat Is Still Menacing Windows Users And Data Centers

In 2022, the National Security Agency, in conjunction with the U.K’s National Cyber Security Centre, reported a critical vulnerability in the Windows CryptoAPI to Microsoft. While this was patched in ...
Ars Technica

MS CryptoAPI CryptDeriveKey vs. .NET PasswordDeriveBytes.CryptDeriveKey

I'm trying to implement decryption of data in a .Net app that was encrypted via Win32 CryptoAPI (wincrypt). A lot of it has been hit or miss for me, since I'm a native C/C++ dev that gets to play with ...
TechSpot

CryptoAPI bug makes 99% of Windows servers vulnerable

WTF?! Akamai has unveiled a new security threat to Windows-based servers and data center machines based on a dangerous bug Microsoft fixed months ago. However, it seems almost no one bothered to ...
moneycontrol.com

Windows-powered data centres still vulnerable to CryptoAPI bug, says Akamai

A bug in the Windows CryptoAPI is still unpatched on most data centre systems. Security researchers from Akamai said that the bug was discovered and fixed by Microsoft in August 2022, but 99 percent ...