What Is the CurveBall Bug? Here’s What You Need to Know 

By on Jan 16, 2020

Today, it was announced that researchers published proof of concept code (essentially, an exercise to determine if an idea is a reality) that exploits a recently patched vulnerability in the Microsoft Windows operating system (OS). The vulnerability, named CurveBall, impacts the components that handle the encryption and decryption mechanisms in the Windows OS, which inherently help protect sensitive information.

How It Works 

So how does this vulnerability work, exactly? For starters, unsafe sites or files can disguise themselves as legitimate ones.  When this vulnerability is exploited, CurveBall could allow a hacker to launch man-in-the-middle attacks, which is when a hacker secretly relays and possibly alters the communications between two unsuspecting users. Additionally, a hacker could use the vulnerability to intercept and fake secure web (HTTPS) connections or fake signatures for files and emails. Essentially, this means a hacker could place harmful files or run undetected malware on a system.

What It Impacts 

There are still questions surrounding what exactly is impacted by CurveBall, and subsequently what could be affected by the new code. According to Microsoft, CurveBall impacts Windows 10, Windows Server 2019, and Windows Server 2016 OS versions. With three popular operating systems afflicted, and the possibility to bypass basic security safeguards, patching is more important than ever. For unpatched systems, malware that takes advantage of this vulnerability may go undetected and slip past security features.

How to Stay Protected 

Now, what should you do to protect yourself from the CurveBall vulnerability? At McAfee, we are in the process of deploying an update to keep our loyal users secure from this vulnerability. In the meantime, however, there are a few things you should do to do to protect yourself. Start by following these tips:

  • Update your Windows 10 OS to get the latest security patches.
  • Use caution when surfing the web.
  • Only open files and emails from trusted sources.
  • Update your browsers to the latest versions if available.
  • If you are an enterprise customer, please reference KB92329 for information on McAfee enterprise defense from this vulnerability.
  • Contact McAfee Support if you have any further questions or need assistance.

To stay on top of McAfee news and the latest consumer and mobile security threats, be sure to follow @McAfee_Home on Twitter, listen to our podcast Hackable?, and ‘Like’ us on Facebook.

About the Author


McAfee is the device-to-cloud cybersecurity company. Inspired by the power of working together, McAfee creates business and consumer solutions that make our world a safer place. Take a look at our latest blogs.

Read more posts from McAfee

Categories: Consumer

  1. This was a main problem for me that almost led to me getting scammed. On the “Subscription Activation Instructions” located on the back of the card, it reads ‘Go to mcafee.com/activate’ which then takes you to what appears to be a official McAfee home page (which it is not). After entering the product key code, the page reads the product key was accepted but could not be installed and Please contact the number listed for your country. After calling the number, the person stated that I needed a “Hacking Protection Program” that would allow the virus protection to be installed. The fee for this program was : 1 yr – $79.99, 3 yr – $99.99, 5 yr – $124.99 After being bewildered by this, I hung-up and return back to the store where I purchased the virus protection card from. I informed the service tech on what just occurred and after sometime, it was determined to be a page set-up to be identical to the McAfee home page. The thing this site is exploiting is there is no “WWW”.McAfee” only mcafee.com/activate. This is where consumers are being Scammed at. If you look at the card instructions entirely, everywhere else has the “www” in front of McAfee. Please investigate this scam for yourself by typing “mcafee.com/activate” without “www” and how this scam really works.

  2. I have been a McAfee customer for many years. When I tried to renew my subscription it did not appear to go through, I have had the number since the 0/7 /18 so have used it before. I have been bothered with some one calling themselves McAfee trying to scam me.

  3. If I have McAfee to protect my PC, why do I have to buy a new computer, just to get to Windows 10?

Subscribe to McAfee Securing Tomorrow Blogs