CVE-2023-35339
📋 TL;DR
This vulnerability in Windows CryptoAPI allows attackers to cause a denial of service (DoS) by sending specially crafted requests that crash the service. It affects Windows systems with CryptoAPI enabled, potentially disrupting cryptographic operations and dependent services.
💻 Affected Systems
- Windows CryptoAPI
📦 What is this software?
Windows 10 1507 by Microsoft
Windows 10 1607 by Microsoft
Windows 10 1809 by Microsoft
Windows 10 21H2 by Microsoft
Windows 10 22H2 by Microsoft
Windows 11 21H2 by Microsoft
Windows 11 22H2 by Microsoft
⚠️ Risk & Real-World Impact
Worst Case
Complete system crash or service disruption affecting all cryptographic operations, potentially impacting authentication, encryption, and secure communications across the system.
Likely Case
Service crashes requiring restart, temporary disruption of applications relying on CryptoAPI for cryptographic functions.
If Mitigated
Minimal impact with proper network segmentation and monitoring; service can be restarted after crash.
🎯 Exploit Status
Exploitation requires sending specially crafted requests to CryptoAPI; no public exploit code known at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Check Microsoft Security Update for specific KB numbers
Vendor Advisory: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-35339
Restart Required: Yes
Instructions:
1. Apply the latest Windows security updates from Microsoft.
2. Restart the system as required.
3. Verify the patch is installed using Windows Update history.
🔧 Temporary Workarounds
Network Segmentation
All platforms: Restrict network access to systems using CryptoAPI to reduce attack surface.
Monitor CryptoAPI Service
Windows: Implement monitoring for CryptoAPI service crashes and restart the service automatically.
sc query cryptsvc
Open eventvwr.msc and check the System logs for Event ID 1000
🧯 If You Can't Patch
- Implement strict network controls to limit access to affected systems.
- Monitor for unusual CryptoAPI activity or service crashes and have incident response procedures ready.
🔍 How to Verify
Check if Vulnerable:
Check Windows Update history for missing security patches related to CVE-2023-35339 or use Microsoft's security update guide.
Check Version:
wmic os get caption, version, buildnumber
Verify Fix Applied:
Verify the specific KB patch is installed via 'Settings > Update & Security > View update history' or command 'wmic qfe list'.
📡 Detection & Monitoring
Log Indicators:
- Event ID 1000 in System logs indicating cryptsvc.exe crash
- Unexpected service stops for CryptoAPI
Network Indicators:
- Unusual network traffic to ports/services using CryptoAPI
- Multiple failed cryptographic requests
SIEM Query:
EventID=1000 AND SourceName='Application Error' AND ProcessName='cryptsvc.exe'
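The monitoring workaround and the log indicators above can be combined into one check, shown here as an added example (not Microsoft's or this page's own tooling). It assumes the service name from `sc query cryptsvc`, a 24-hour look-back window, that Application Error events are read from the Application log, and that Service Control Manager events 7031/7034 stand in for the "unexpected service stops" indicator; the message match relies on the English display name "Cryptographic Services".

```powershell
# Added example. Service name comes from the page's `sc query cryptsvc`.
$ServiceName = 'CryptSvc'
$Since       = (Get-Date).AddDays(-1)   # look-back window (assumption)

function Get-CryptSvcCrashEvent {
    param([datetime]$StartTime)
    # Application Error / Event ID 1000 (the page's log indicator). This provider
    # writes to the Application log. The service is normally hosted in a shared
    # svchost.exe process, so match the message text rather than a process name.
    $appCrash = @{ LogName = 'Application'; ProviderName = 'Application Error'; Id = 1000; StartTime = $StartTime }
    # Service Control Manager 7031/7034 (System log): a service terminated
    # unexpectedly. Assumption: used here for the "unexpected stops" indicator.
    $svcStop  = @{ LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7031, 7034; StartTime = $StartTime }
    foreach ($filter in $appCrash, $svcStop) {
        # Get-WinEvent raises an error when nothing matches, so silence that case.
        Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            Where-Object { $_.Message -match 'cryptsvc|Cryptographic Services' } |
            Select-Object TimeCreated, LogName, Id, ProviderName,
                @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } }
    }
}

$events = @(Get-CryptSvcCrashEvent -StartTime $Since)
if ($events.Count -gt 0) {
    $events | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No crash or unexpected-stop events for $ServiceName since $Since."
}

# Current state; start the service again if it is down.
$svc = Get-Service -Name $ServiceName
if ($svc.Status -ne 'Running') {
    Write-Warning "$ServiceName is $($svc.Status); starting it."
    Start-Service -Name $ServiceName
}

# Automatic restart (run elevated): restart 60 s after each failure and
# reset the failure counter after one day. Values are assumptions.
sc.exe failure $ServiceName reset= 86400 actions= restart/60000/restart/60000/restart/60000
sc.exe qfailure $ServiceName
```

Repeated hits from the event query within a short window are the signal worth alerting on; a single restart after patching or a reboot is expected.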