
Vulnerability in SymCrypt could allow an attacker to perform DoS on any Windows server

  • The vulnerability could allow an attacker to perform DoS on any Windows server running services such as IPsec, Internet Information Services (IIS), and Microsoft Exchange Server.
  • The researcher found that any program on the system that processes the X.509 digital certificate will trigger the vulnerability, causing a deadlock.

Tavis Ormandy, a vulnerability researcher at Google, uncovered a vulnerability in SymCrypt, the primary cryptographic library of Microsoft’s operating system. The vulnerability could allow an attacker to perform Denial of Service (DoS) on Windows 8 servers and above.

More details on the vulnerability

Ormandy tested the vulnerability using a specially crafted X.509 digital certificate that prevents the verification process from completing, and found that any program on the system that processes the certificate will trigger the vulnerability, causing a deadlock.

“The vulnerability could cause an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric,” the researcher said.

The researcher also found that embedding the certificate in an S/MIME message, Authenticode signature, or Schannel connection could allow an attacker to perform DoS on any Windows server running services such as IPsec, Internet Information Services (IIS), and Microsoft Exchange Server, requiring the machine to be rebooted.
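The failure class quoted above, a modular-inverse loop that never terminates on certain inputs, can be illustrated with a textbook binary inversion routine hardened with input checks and an iteration budget. This is an added example, not SymCrypt's code and not a reproduction of the reported bug; the function names and the 64-bit operand size are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* x/2 mod m for odd m and 0 <= x < m, without overflowing 64 bits. */
static uint64_t half_mod(uint64_t x, uint64_t m)
{
    return (x & 1) ? (x >> 1) + (m >> 1) + 1 : x >> 1;
}

/* (a - b) mod m for a, b in [0, m). */
static uint64_t sub_mod(uint64_t a, uint64_t b, uint64_t m)
{
    return a >= b ? a - b : m - (b - a);
}

/* Binary modular inverse (illustrative, not constant-time).
 * Returns true and stores a^-1 mod m in *inv, or false when no inverse
 * exists. The zero and gcd checks cover inputs on which an unchecked
 * shift-and-subtract loop never terminates. */
bool modinv_bounded(uint64_t a, uint64_t m, uint64_t *inv)
{
    if (m < 3 || (m & 1) == 0) return false;  /* needs an odd modulus */
    a %= m;
    if (a == 0) return false;                 /* 0 stays even forever */

    uint64_t u = a, v = m, x1 = 1, x2 = 0;    /* x1*a = u, x2*a = v (mod m) */

    /* Valid 64-bit inputs finish in under 260 steps: each shift halves
     * u*v and each subtraction is followed by a shift. */
    for (int budget = 512; budget > 0; budget--) {
        if (u == 1) { *inv = x1; return true; }
        if (v == 1) { *inv = x2; return true; }
        if (u == 0) return false;             /* gcd(a, m) > 1 */
        if ((u & 1) == 0)      { u >>= 1; x1 = half_mod(x1, m); }
        else if ((v & 1) == 0) { v >>= 1; x2 = half_mod(x2, m); }
        else if (u >= v)       { u -= v;  x1 = sub_mod(x1, x2, m); }
        else                   { v -= u;  x2 = sub_mod(x2, x1, m); }
    }
    return false;                             /* budget exhausted: fail closed */
}

int main(void)
{
    uint64_t inv = 0;
    bool ok = modinv_bounded(3, 7, &inv);     /* constructed sample inputs */
    printf("3^-1 mod 7: ok=%d inv=%llu\n", ok, (unsigned long long)inv);
    printf("6^-1 mod 9: ok=%d\n", modinv_bounded(6, 9, &inv));
    return 0;
}
```

The same pattern applies to any parser-reachable arithmetic loop: validate preconditions first, then cap the iteration count at a value derived from the operand size so that malformed input produces an error instead of a hang.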

Patch still not available

Ormandy notified Microsoft about the issue in March 2019 with a 90-day disclosure deadline. Microsoft acknowledged the issue and promised to come up with the patch within 90 days.

However, the Microsoft Security Response Center (MSRC) informed the researcher that a patch wouldn’t be ready until next month’s release of security updates. This led the researcher to release the details of the bug to the public, as the 90-day time frame had lapsed.