What Is the CurveBall Bug? Here’s What You Need to Know 

Today, it was announced that researchers published proof of concept code (essentially, an exercise to determine if an idea is a reality) that exploits a recently patched vulnerability in the Microsoft Windows operating system (OS)The vulnerability, named CurveBall, impacts the components that handle the encryption and decryption mechanisms in the Windows OS, which inherently help protect sensitive information 

How It Works 

So how does this vulnerability work, exactlyFor starters, unsafe sites or filecan disguise themselves as legitimate sites or files in order to take advantage of specific mistakes within Microsoft’s code. When these errors are exploited, CurveBall could allow a hacker to launch man-in-the-middle attacks, which is when a hacker secretly relays and possibly alters the communications between two unsuspecting users. Additionally, the bug could intercept and fake secure web (HTTPS) connections and has the power to fake signatures for files and emailsEssentially, this means a hacker could place harmful files or run undetected malware on a system.  

What It Impacts 

While this code is experimental, there are still questions surrounding what exactly is impacted. According to Microsoft, this affects Windows 10, Windows Server 2019, and Windows Server 2016 OS versions. With three popular operating systems afflicted, as well as this bug’s ability to bypass basic security guarantees, patching is more important than ever. For unpatched systems, malware that takes advantage of this bug won’t be detected and won’t be stopped by security features. 

How to Stay Protected 

Now, what should you do to protect yourself from the CurveBall vulnerability? At McAfee, we are in the process of deploying an update to keep our loyal users secure from this bug. In the meantime, however, there are few things you can to do remain secure. Start by following these tips:  

  • Update your Windows 10 OS to get latest the security patches. 
  • Use caution when surfing the web. 
  • Only open files and emails from trusted sources.  
  • Update your browsers to the latest versions if available.
  • Contact McAfee Support if you have any further questions or need assistance.

To stay on top of McAfee news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

The post What Is the CurveBall Bug? Here’s What You Need to Know  appeared first on McAfee Blogs.

Read more: What Is the CurveBall Bug? Here’s What You Need to Know 

Story added 17. January 2020, content source with full text you can find at link above.