Chain of Fools/Curveball Windows CryptoAPI Vulnerability
This weeks patch Tuesday made things really interesting with the announcement by the NSA that Windows Server 2016/2019 and Windows 10 had a critical vulnerability in their CryptoAPI component (Crypt32.dll). Essentially, the vulnerability pertained to how Elliptic Curve Cryptography (ECC) certificates were validated.
There are lots of great write-ups here, here, and a test here. Why did the NSA choose to work with Microsoft on responsible disclose prior to the patch the rather than weaponizing it themselves? Maybe, just maybe, Nation State actors were already exploiting it...
Re: Chain of Fools/Curveball Windows CryptoAPI Vulnerability
My suspicion would be that the NSA already knew about the vulnerability and how to exploit it - possibly a reason they were pushing so hard for ECC to be accepted as the default standard, with a standard curve set.
I'd guess they had a tool capable of exploiting this vulnerability from day 1, but now others have discovered it so they are happy to close this one off and move on to the next zero-day they have in their bag.