Follow

Patch Windows 10 and Server now because certificate validation is broken

"Microsoft's scheduled security update for Windows includes a fix to a potentially dangerous bug that would allow an attacker to spoof a certificate, making it look like it came from a trusted source. The vulnerability, reported to Microsoft by the National Security Agency, affects Windows 10, Windows Server 2016, Windows Server 2019, and Windows Server version 1803."

arstechnica.com/information-te

"The vulnerability is in the component of Windows' cryptography library that validates X.509 certificates, somehow bypassing the chain of trust used to validate the certificate. Microsoft's advisory on the vulnerability said that the bug could be used to fake the software-signing certificate on a malicious version of an application, making it look like it came from a trusted developer."

Show thread
Sign in to participate in the conversation
Ten Forward

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!