A Google researcher has discovered a vulnerability in the SymCrypt cryptographic library of Microsoft’s OS that can trigger a DDoS disruption in Windows 8 servers and above, causing a perpetual operation “when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric.”
Today is day 91, so the issue is now public. I consider this relatively low severity, but you could take down an entire Windows fleet relatively easily, so it's worth being aware of. https://t.co/KKa7cOMyfw
— Tavis Ormandy (@taviso) June 11, 2019
Now this is an impressive thing to see on GitHub!
"SymCrypt is the core cryptographic function library currently used by Windows." https://t.co/KJLKDM6oNy
— Kevin Jones 🏳️🌈🇺🇦 (@vcsjones) April 30, 2019
Expert Comments:
Adam Laub, SVP Product Management at STEALTHbits Technologies:
Mounir Hahad, Head at Juniper Threat Labs at Juniper Networks:
The opinions expressed in this article belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.