Now that it's all public: 1) CVE-2020-0601 - Windows doesn't properly validate X.509 certificate chains. https://www.kb.cert.org/vuls/id/849224/ 2) CVE-2020-0609, CVE-2020-0610 - Windows Remote Desktop Gateway (not to be confused with RDP proper) unauthenticated RCE.https://www.kb.cert.org/vuls/id/491944/
-
-
Show this thread
-
CVE-2020-0601 : Read
@moxie's SSL And The Future Of Authenticity https://moxie.org/blog/ssl-and-the-future-of-authenticity/ … Though in this case it's not a rogue CA, but a Windows flaw that allows a certificate to claim to be issued by a CA that it wasn't. HTTPS spoofing is *one* example. Use your imagination here.pic.twitter.com/YSPnY7HYyh
Show this thread -
CVE-2020-0609 CVE-2020-0610 : Work is already being done on reproducing the Remote Desktop Gateway (RD Gateway) unauthenticated RCE (as SYSTEM). Watch this space.https://twitter.com/MalwareTechBlog/status/1217433253096779776 …
0:07Show this thread
End of conversation
New conversation -
-
-
We still on NT. We good.
- 1 more reply
New conversation -
-
I got 7 emails from various parts of my federal agency employer telling me that ALL MUST PERFORM UPDATES tomorrow. It’s going to be hell for our low-bandwidth edge networks
-
We got a strangely crypic notice from the fed management about this as well.
End of conversation
New conversation -
-
-
Please retweet this every month. kthxbye
-
'xactly
- 1 more reply
New conversation -
-
-
Sounds like the NSA will also recommend you update Windows this month.
-
Naw, I'm sure thier key is "secure"... ROFL
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.