

SymCrypt Vulnerability May Allow Attackers to Carry Out DoS on Windows Servers

Microsoft’s OS cryptographic library was recently found to have a vulnerability that can allow DoS attacks on Windows 8 servers and newer. Researchers tested the vulnerability with an X.509 digital certificate that prevents the verification process from completing. They then discovered that programs running on the system that process the certificate will trigger the vulnerability and deadlock. “The vulnerability could cause an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric,” stated the researcher. If the certificate is embedded within an S/MIME message, Authenticode signature, or SChannel connection, it could possibly lead to DoS attacks on IPsec, Internet Information Services (IIS), and Microsoft Exchange Servers, necessitating a reboot of the machine. Microsoft was made aware of the issue in March and was given a 90-day disclosure deadline, which it said it would honor. Since then, Microsoft has stated that a patch will not be available for release until next month; because the deadline has passed, the vulnerability details have been released.

Analyst Notes

Users should have a DoS response plan in place for when an attack happens. Network infrastructure should also be secured with advanced intrusion prevention and threat management systems. Users should be educated on warning signs, such as spotty connections or website shutdowns that last for a prolonged period of time, and know how to respond.