Sources say Microsoft on Tuesday will fix an extraordinarily scary flaw in all Windows versions, in a core cryptographic component that could be abused to spoof the source of digitally signed software. Apparently DoD & a few others got an advance patchhttps://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/ …
-
Show this thread
-
Replying to @briankrebs
Did they say "spoof the source of digitally signed software", or is that your theory? I don't think authenticode flaws are particularly exciting, there are code execution vulns just *parsing* PE occasionally.
3 replies 7 retweets 67 likes -
Replying to @taviso @briankrebs
What else could it be in a crypto DLL? Not signing. Encryption?
3 replies 0 retweets 14 likes -
Replying to @matthew_d_green @briankrebs
I would hope it's at least a memory corruption parsing ASN.1/X.509/etc if people are panicking, if its just an authenticode defeat.... Then meh
1 reply 2 retweets 22 likes -
Replying to @taviso @briankrebs
Well that would be even more exciting! But we fixed memory corruption in 2010, I’ve heard.
1 reply 0 retweets 10 likes -
Replying to @matthew_d_green @briankrebs
There was a bug recently where some oddball oid allowed local privilege escalation, and I know of a few others with weird behaviour. That wouldn't be a "spoof source of digitally signed software" though, so curious if that was a quote or Brian extrapolating.
1 reply 2 retweets 8 likes -
Automatic Local System ActiveX drive-by downloads from forced CRL checks | md5sum
1 reply 0 retweets 18 likes
Now we're talking 
-
-
auth bypasses are more reliable (100%) than memory corruption exploits.
0 replies 0 retweets 2 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.