Patch Windows 10 and Server now because certificate validation is broken
"Microsoft's scheduled security update for Windows includes a fix to a potentially dangerous bug that would allow an attacker to spoof a certificate, making it look like it came from a trusted source. The vulnerability, reported to Microsoft by the National Security Agency, affects Windows 10, Windows Server 2016, Windows Server 2019, and Windows Server version 1803."
"The vulnerability is in the component of Windows' cryptography library that validates X.509 certificates, somehow bypassing the chain of trust used to validate the certificate. Microsoft's advisory on the vulnerability said that the bug could be used to fake the software-signing certificate on a malicious version of an application, making it look like it came from a trusted developer."
@multiple_creatures indeed, quite the coincidence huh
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!