Vulnerability in SymCrypt Could Allow an Attacker to Perform DoS on any Windows Server

Tavis Ormandy, a researcher at Google, found a vulnerability with Microsoft's 'SymCrypt' that attackers could leverage to perform Denial of Service (DoS). He tested the vulnerability with an X.509 digital certificate that was specially crafted to prevent the completion of the verification process. 'The vulnerability could cause an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric,' Tavis said. There is currently no patch for the vulnerability, but Microsoft has released that the patch will be ready for the July security updates.

Relevant URL(s):