Sources say Microsoft on Tuesday will fix an extraordinarily scary flaw in all Windows versions, in a core cryptographic component that could be abused to spoof the source of digitally signed software. Apparently DoD & a few others got an advance patch https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/ …
-
-
Microsoft has released an advisory for this vulnerability in Win10, Server 2016 and '19. It rated this as a "spoofing" flaw that is "important" in severity, but puts exploitability rating at 1, it's second most severe, i.e. "exploitation more likely." https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601 …
Prikaži ovu nit -
NSA's advisory is here: https://twitter.com/NSAGov/status/1217152211056238593 … CERT/CC's take: https://kb.cert.org/vuls/id/849224/
Prikaži ovu nit
Kraj razgovora
Novi razgovor -
-
-
-
less than an hour. MS typically starts pushing them out around 1pm ET on Patch Tuesday.
Kraj razgovora
Novi razgovor -
-
-
Where can I see/hear this briefing live?
-
It's not open to the public
- Još 1 odgovor
Novi razgovor -
-
-
Isn’t the point of not accepting credit to glomar knowledge of existence and or associated exploits of any vulnerabilities? Seems in line with the current administration and their inability to think more than zero steps ahead of any actions
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Didn't they patch the flaws revealed by the shadowbrokers prior to them being exploited? (Which they were anyway) At least it was suspected that's what they did.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Sweet. What % known vuln does NSA promptly disclose to MS? ref: NSA once claimed they disclose 90% of their known exploitable vuln (after an undisclosed period), leaving only 10% for weaponization (+ whatever's in undisclosed period).
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
Part of me wants to say this is an NSA “image” thing. Right now pretty much everyone thinks of NSA as the people violating the 4th amendment on a daily basis. The other part of me says it’s not since NSA doesn’t care what people think because they are untouchable.
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.