VeraCrypt 1.15 Fixes Two Recently Reported TrueCrypt Vulnerabilities

By | 23.08.2019

microsoft office standard 2019
Adobe CC All Apps
Email The popular security expert James Forshaw has discovered two critical flaws in the driver that TrueCrypt installs on Windows systems. James Forshaw has discovered two flaws in the driver that TrueCrypt installs on Windows systems. In particular, a team of researcher conducted an analysis that lasted two years and that was arranged in two distinct phases. Security Auditors and Cryptography Experts at NCC decided to analyze TrueCrypt software in response to documents leaked by Edward Snowden that hypothesized the presence of a backdoor in the application. Those who want to read it themselves should do so.
VeraCrypt 1.15 fixes two recently reported TrueCrypt vulnerabilities

Are you still using TrueCrypt? Beware of these 2 critical flaws!

Enable using Secure Desktop for password entry. Use default mount parameters when mounting multiple favorites with password caching. Fix false warning in case of EFI system encryption about Windows not installed on boot drive. Enhancements to EFI bootloader. Add possibility to manually edit EFI configuration file. Driver Security: Use enhanced protection of NX pool under Windows 8 and later. Reduce performance impact of internal check for disconnected network drives.

Minor fixes. OSX Make VeraCrypt default handler of. Add custom VeraCrypt icon to. Check TrueCryptMode in password dialog when opening container file with. Fix executable stack in resulting binary which was caused by crypto assembly files missing the GNU-stack note.

Fix issues raised by Quarkslab audit. Remove GOST89 encryption algorithm. Add test vectors for Kuznyechik. Fix crash on bit machines when creating a volume that uses Streebog as PRF. Fix false positive detection of Evil-Maid attacks in some cases e. Fix wrong password error in the process of copying hidden OS. Fix issues raised by Quarkslab audit: EFI bootloader: Fix various leaks and erase keyboard buffer after password is typed.

Use libzip library for handling zip Rescue Disk file instead of vulnerable XUnzip library. Support EFI system encryption for bit Windows. Perform shutdown instead of reboot during Pre-Test of EFI system encryption to detect incompatible motherboards. Minor GUI and translations fixes. All OSs: Support EFI Windows system encryption limitations: Correctly remove driver file veracrypt.

When no drive letter specified, choose A: Reduce CPU usage caused by the option to disable use of disconnected network drives. Add option and command line switch to hide waiting dialog when performing operations. Allow files drag-n-drop when VeraCrypt is running as elevated process. Fix mount issue on Fedora Fix mount failure when compiling source code using gcc 5. Solve compatibility issue with newer versions of OSXFuse. Add support for creating exFAT volumes.

Add GUI indicator for the amount of randomness gathered using mouse movement. Include new icons and graphics contributed by Andreas Becker http: Fix dll hijacking issue affecting installer that allows code execution with elevation of privilege CVE Reported by Stefan Kanthak http: Solve lost focus issues for after displaying the waiting dialog Solve rare issue where some partitions where asscoiated with wrong disk the “Select Device” dialog.

Implement PIM caching, for both system encryption and normal volumes. Add option to activate it. Workaround to avoid false positive detection by some anti-virus software. Hide disconnected network drives in the list of available drives. Add option to make them available for mounting.

Solve issue that caused in some cases configuration and history XML files to be updated even when not needed. Fix leak of path of selected keyfiles in RAM. Fix issue of –stdin option not handling correctly passwords that contain a space character reported and fixed by Codeplex user horsley Fix issue creating volumes using command line with a filesystem other than FAT. Modify patch for CVE vulnerability to solve side effects on Windows while still making it very hard to abuse drive letter handling.

Fix failure to restore volume header from an external file in some configurations. Add option to restore the old behavior. If mounting using empty password is needed, explicitly specify so in the command line using: Local Elevation of Privilege on Windows by abusing drive letter handling.

Fix regression in mounting of favorite volumes at user logon. Fix display of some Unicode languages e. Chinese in formatting wizard. Allow Application key to open context menu on drive letters list Support specifying volumes size in TB in the GUI command line already supports this 1. Solve option “Cache password in drive memory” always disabled even if checked in preferences. Solve UI language change not taken into account for new install unless a preference is changed.

Implement creating file containers using command line. Support setting volume label in Explorer through mount option or favorite label value.

Always copy both bit and bit executable binaries during install and in Traveler Disk Setup. Traveler Disk will again use bit exe by default while also offering bit exe. On Windows bit, bit exe files are now available e. Don’t offer creating a restore point if it is disabled in Windows. Minors fixes in the installer, GUI and driver. See documentation for more information. Detect Boot Loader tampering “Evil Maid” attacks for system encryption and propose recovery options.

Fix buffer overrun issue and other memory related bugs when parsing language XML files. Fix privacy issue caused by configuration and history files being updated whenever VeraCrypt is used reported by Liran Elharar Fix system favorites not always mounting after cold start. Solve installer error when updating VeraCrypt on Windows Include bit exe files in the installer and deploy them on bit machines for better performances.

Allow using drive letters A: Add manual selection of partition when resuming in-place encryption. Add extra information to displayed error message in order to help analyze reported issues. Disable menu entry for changing system encryption PRF since it’s not yet implemented. When only keyfile specified in command line, don’t try to mount using empty password.

If mounting using empty password is needed, explicitly specify so using: Proper handling of random generator failures. Inform user in such cases. TrueCrypt Mode related changes: Correctly handle file access errors when mounting containers.

Solve several issues reported by the Static Code Analysis too Coverity. Add “Verifying Password When UAC prompt fails for example timeout , offer the user to retry the operation. On uninstall, remove all VeraCrypt references from registry and disk. Included VeraCryptExpander in the Setup. Add option to temporary cache password when mounting multiple favorites.

Minor fixes and enhancements see git history for more information MacOSX: Solve issue volumes not auto-dismounting when quitting VeraCrypt. Solve issue VeraCrypt window not reopening by clicking dock icon. Solve preferences dialog not closing when clicking on the ‘X’ icon.

Solve read-only issue when mounting non-FAT volumes in some cases. Solve various installer issues when running on less common configurations Minor fixes see git history for more information 1.

Change naming of cascades algorithms in GUI for a better description.

TekBits Technology News

A security researcher has found two serious flaws in TrueCrypt. he usually waits seven days after a patch is released to open his bug reports. Since TrueCrypt is no longer actively maintained, the bugs won’t be fixed directly in VeraCrypt that was released Saturday, contains patches for the two. Fix low severity vulnerability inherited from TrueCrypt that allowed reading 3 bytes of kernel stack memory (with a rare possibility of 25 Fix failure to install GUI version under recent versions of KDE. . (September 26th, ). Windows: Fix two TrueCrypt vulnerabilities reported by James Forshaw (Google Project. James Forshaw has discovered two flaws in the driver that TrueCrypt installs on Windows In the second phase, that was recently terminated, the experts examined @vn @VeraCrypt_IDRIX I don’t tend to open up security bug reports until 7 to have been fixed in VeraCrypt, a spin-off of the TrueCrypt original project.

Release Notes

Enable using Secure Desktop for password entry. Use default mount parameters when mounting multiple favorites with password caching. Fix false warning in case of EFI system encryption about Windows not installed on boot drive. Enhancements to EFI bootloader.

Encryption Software on Pocket

Local Elevation of Privilege on Windows by abusing drive letter handling. Fix regression in mounting of favorite volumes at user logon. Fix display of some Unicode languages e.

WATCH VIDEO: Are you still using TrueCrypt? Beware of these 2 critical flaws! | Cyber Defense Magazine

Report to moderator keep these two in mind when backing up your wallet. . There is an alternative to TrueCrypt called VeraCrypt in which the bugs were fixed. has recently discovered two vulnerabilities in the driver that TrueCrypt VeraCrypt that was released Saturday, contains patches for the. If the truecrypt audit comes back clean and if responsible known parties .. VeraCrypt fixes two recently reported TrueCrypt vulnerabilities. They’re at is the version they just released a day or two ago. whether I should trust VeraCrypt over TrueCrypt’s last encryption-enabled release. And as you say, Leo, only their driver is going to get fixed, not the old driver, .. And Michael wrote: “On a recent edition of the Security Now! podcast.

Leave a Reply

Your email address will not be published. Required fields are marked *