PSA for Win 10 users - Update ASAP
If you're running Win 10, you're gonna wanna run updates now.
Certificate authentication is broken wide open; an attacker can pass off malware as a trusted app, or spy on your encrypted communications. No actual exploits reported in the wild yet, but now that the vulnerability is known, expect to see it exploited within days if not hours. More details here if you want them: https://it.slashdot.org/story/20/01/14/2053220/microsoft-patches-major-windows-10-vulnerability-after-nsa-warning https://www.zdnet.com/article/microsoft-fixes-windows-crypto-bug-reported-by-the-nsa/ Last edited by FramFramson on Jan 14, 2020, 6:06:14 PM Last bumped on Jan 17, 2020, 7:47:54 AM
|
|
Firefox doesn't have the problem anyway, so kinda hard to get past the browser to actually work the exploit.
Still that fix was fast, and still the exploit is embarrassing.... frikkin error in TLS implementations always are. On theme trough, this is not a first line exploit used to attack users. It's a second line attack after contact is already established. So while there are many exploit codes out there for that, actual attacks still another system before that. Current Build: Penance Brand
God build?! https://pobb.in/bO32dZtLjji5 |
|