I noticed a bug in SymCrypt, the core library that handles all crypto on Windows. It's a DoS, but this means basically anything that does crypto in Windows can be deadlocked (s/mime, authenticode, ipsec, iis, everything). Microsoft committed to fixing it in 90 days, then didn't.
-
Show this thread
-
Today is day 91, so the issue is now public. I consider this relatively low severity, but you could take down an entire Windows fleet relatively easily, so it's worth being aware of. https://bugs.chromium.org/p/project-zero/issues/detail?id=1804 …
17 replies 274 retweets 613 likesShow this thread -
Replying to @taviso1 reply 1 retweet 19 likes
Replying to @wsxarcher
Yep, they open sourced it, that was after I had already started reporting bugs.
10:14 AM - 11 Jun 2019
0 replies
0 retweets
18 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.