So just an Authenticode bypass? Meh. As @taviso said, nothing like an RCE in PE parsing, not even sure what the NSA would do with this.
It might be a fun crypto vuln though!
Replying to @FiloSottile @taviso
if it requires privileged network active intercept and DNS spoofing for updates, it would be overblown. But as the Zen master said, We'll see...
Replying to @kennwhite @taviso
Oh is Authenticode literally the only thing standing between the network and installing updates? Surely they connect via TLS to Microsoft or private network to corporate servers?
Connected via TLS that is validated how exactly?
Are you saying this affects X.509 validation?
Indeed I am.
Oooh, now, that's fun.
Replying to @FiloSottile @wdormann and others:
Client cert or similar auth could make this very bad(tm) too....
Replying to @dyn___ @FiloSottile and others:
I was thinking the same too. This could be more than network MITM if client side certificates can be spoofed.
Replying to @farhanible @dyn___ and others:
So doesn’t make sense why it’s rated important and not critical. Unless client cert authentication isn’t affected.
I wouldn't rely much on any particular vulnerability importance scoring system in the wild these days. For starters, they're often limited to scoring a vulnerability alone in a vacuum, as opposed to how it's likely to be used with its friends in the real world.