Sources say Microsoft on Tuesday will fix an extraordinarily scary flaw in all Windows versions, in a core cryptographic component that could be abused to spoof the source of digitally signed software. Apparently DoD & a few others got an advance patch https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/ …
The NSA's Neuberger said this wasn't the first vulnerability the agency has reported to Microsoft, but it was the first one for which they accepted credit/attribution when MS asked.
Microsoft has released an advisory for this vulnerability in Win10, Server 2016 and '19. It rated this as a "spoofing" flaw that is "important" in severity, but puts exploitability rating at 1, its second most severe, i.e. "exploitation more likely." https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601 …
NSA's advisory is here: https://twitter.com/NSAGov/status/1217152211056238593 … CERT/CC's take: https://kb.cert.org/vuls/id/849224/
In exchange for.......
It is probably a calculation. Fixing the vulnerabilities creates more defense than using them creates offense. In other words, denying Russia, Iran, and NK access by patching is more valuable than hacking them with these vulns.
Their honeys caught it being used by RU hence the proper disclosure?

That will be a welcome change, because they've been sitting on zero days they were supposed to disclose.
Aka we are done with this 0 day, feel free to patch now
So they must have got that private back door they so badly wanted. Why give up other vulnerabilities, other than to deny them to your competition?