I noticed a bug in SymCrypt, the core library that handles all crypto on Windows. It's a DoS, but this means basically anything that does crypto in Windows can be deadlocked (s/mime, authenticode, ipsec, iis, everything). Microsoft committed to fixing it in 90 days, then didn't.
Today is day 91, so the issue is now public. I consider this relatively low severity, but you could take down an entire Windows fleet relatively easily, so it's worth being aware of. https://bugs.chromium.org/p/project-zero/issues/detail?id=1804 …
Replying to @taviso
Today I'm glad it's been years since I had to sysadmin Windows. While I don't have a dog in this disclosure fight, I feel for the poor defenders who rarely get to make patch decisions at this rarefied level. They'll just get blamed for the inevitable intrusions.
Not sure the intrusions are inevitable with a low severity DoS bug. I think it's more likely the various 0day that were dropped recently and still unpatched might be used, but you're the sysadmin 