Sources say Microsoft on Tuesday will fix an extraordinarily scary flaw in all Windows versions, in a core cryptographic component that could be abused to spoof the source of digitally signed software. Apparently DoD & a few others got an advance patch https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/ …
Sources say this disclosure from NSA is planned to be the first of many as part of a new initiative at NSA dubbed "Turn a New Leaf," aimed at making more of the agency's vulnerability research available to major software vendors and ultimately to the public.
The NSA's Neuberger said this wasn't the first vulnerability the agency has reported to Microsoft, but it was the first one for which they accepted credit/attribution when MS asked.
Microsoft has released an advisory for this vulnerability in Win10, Server 2016 and '19. It rated this as a "spoofing" flaw that is "important" in severity, but puts exploitability rating at 1, its second most severe, i.e. "exploitation more likely." https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601 …
NSA's advisory is here: https://twitter.com/NSAGov/status/1217152211056238593 … CERT/CC's take: https://kb.cert.org/vuls/id/849224/
That coincides with the release of .NET Framework 4.6 which introduced ECDH and ECDSA. Given "makes trust vulnerable", that points to an ECDSA validation flaw.
Aha!
@patrickwardle was right.
Looks like Defender has protection for this already: https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=Exploit:Win32/CVE-2020-0601.A&ThreatID=2147749406 …