Now that it's all public:
1) CVE-2020-0601 - Windows doesn't properly validate X.509 certificate chains. https://www.kb.cert.org/vuls/id/849224/
2) CVE-2020-0609, CVE-2020-0610 - Windows Remote Desktop Gateway (not to be confused with RDP proper) unauthenticated RCE. https://www.kb.cert.org/vuls/id/491944/
CVE-2020-0601: Read @moxie's SSL And The Future Of Authenticity https://moxie.org/blog/ssl-and-the-future-of-authenticity/ … Though in this case it's not a rogue CA, but a Windows flaw that allows a certificate to claim to be issued by a CA that it wasn't. HTTPS spoofing is *one* example. Use your imagination here. pic.twitter.com/YSPnY7HYyh
CVE-2020-0609, CVE-2020-0610: Work is already being done on reproducing the Remote Desktop Gateway (RD Gateway) unauthenticated RCE (as SYSTEM). Watch this space. https://twitter.com/MalwareTechBlog/status/1217433253096779776 …
We still on NT. We good.
I got 7 emails from various parts of my federal agency employer telling me that ALL MUST PERFORM UPDATES tomorrow. It’s going to be hell for our low-bandwidth edge networks
Please retweet this every month. kthxbye
Sounds like the NSA will also recommend you update Windows this month.
Naw, I'm sure their key is "secure"... ROFL