DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
January 22, 2021 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 190 people online.

 

Latest Reviews
ASUS ROG Strix B450-F Gaming Motherboard
Sonos Move
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
 

Follow us
RSS
 

Patch Windows 10 as soon as possible to protect yourself against certificate spoofing

Posted on Wednesday, January 15 2020 @ 10:28:21 CET by


MSFT
This month's dose of Patch Tuesday includes an update for a Windows vulnerability that was discovered by the NSA. Even though it's marked as "important" by Microsoft because it isn't actively exploited in the wild yet, security researchers believe users need to patch as soon as possible as it's a very dangerous bug.

The bug is located in crypt32.dll and compromises authentication on Windows desktops and servers, and also makes it possible to spoof digital signatures. Among other things, the bug makes it possible for malware to pose a a legitimate piece of software.
The vulnerability is in the component of Windows' cryptography library that validates X.509 certificates, somehow bypassing the chain of trust used to validate the certificate. Microsoft's advisory on the vulnerability said that the bug could be used to fake the software-signing certificate on a malicious version of an application, making it look like it came from a trusted developer. However, the risk extends beyond just code-signing. A National Security Agency advisory indicates that the vulnerability could be used for man-in-the-middle attacks against secure HTTP (HTTPS) connections, as well, and to spoof signed files and emails.
Affected versions of Windows include Windows 10, Windows Server 2016, Windows Server 2019, and Windows Server version 1803.



Via: ARS Technica



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2021 DM Media Group bvba