Sources say Microsoft on Tuesday will fix an extraordinarily scary flaw in all Windows versions, in a core cryptographic component that could be abused to spoof the source of digitally signed software. Apparently DoD & a few others got an advance patch https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/ …
-
What else could it be in a crypto DLL? Not signing. Encryption?
-
I would hope it's at least a memory corruption parsing ASN.1/X.509/etc. if people are panicking; if it's just an Authenticode defeat.... Then meh

-
Maybe it is possible to spoof & pwn the update process. I remember that most of the protection relies on Authenticode but in my days of evilgrade. Let's see what it is about...
-
No one cares about exe/dll signatures because you can always use signed old versions with known vulns. Given the panic, I would assume that it is some core validation flaw that affects many things from signed files, TLS connections, authentication etc. (X.509, Kerberos etc.)