
The Latest Cyber Intelligence from Si

Microsoft’s latest ‘Patch Tuesday’ revealed a critical vulnerability (CVE-2020-0601), dubbed CurveBall or ChainOfFools, affecting Windows Server 2019, 2016 and Windows 10.

How it Works

This spoofing vulnerability is exploited by using a code-signing certificate to sign malicious executable code so that it emulates a trusted file and legitimate code. A malicious actor can use it to trick any software that relies on Windows CryptoAPI validation. As a result, both the user and protection solutions such as anti-malware may be deceived, because the malicious file appears to be digitally signed by a trusted provider, such as Microsoft.

The Effects

CurveBall or ChainOfFools is a serious threat, in that any signed file using this vulnerability may be regarded as genuine by security endpoint solutions. This, in turn, allows the threat to deceive security endpoint detection products and, with them, all contaminated Windows machines.

The key issue, however, is how quickly and effortlessly this vulnerability has been, and is being, exploited. Proof-of-concept exploits for CurveBall are being actively followed and discussed on the dark web and are manipulated extensively by malware authors.

Mitigation Recommendations

‘Administrators should be prepared to conduct remediation activities since unpatched endpoints may be compromised. Applying patches to all affected endpoints is recommended, when possible, over prioritizing specific classes of endpoints. Other actions can be taken to protect endpoints in addition to installing patches. Network devices and endpoint logging features may prevent or detect some methods of exploitation, but installing all patches is the most effective mitigation.’ – National Security Agency (NSA)

  • Update operating systems to the current patch level released by Microsoft.
  • Update your anti-virus solutions with the latest virus definitions.
  • Monitor your EDR and anti-malware tools and solutions 24/7 for potential malicious activity.

The Solution

Si Consult ensures that this, and any other emerging threat or vulnerability, cannot and will not influence or evade our detection.

For additional support, reach out to one of our specialists here, and learn how to safeguard your data, business and people from the latest attacks.
