Microsoft patches crypt32.dll vulnerability that allows certificate spoofing
Click here to post a comment for Microsoft patches crypt32.dll vulnerability that allows certificate spoofing on our message forum
fantaskarsef
Well... the NSA advises you to install the patch to the discovered vulnerability they discovered... wait, let me get my tin foil, I'll be right back 😀
KissSh0t
386SX
I already posted this yesterday and urged users to update. Yes, it is really THIS bad. If unpatched, you could fall for spoofed certificates because your computer would think they are valid.
VPNs use certificates mostly, because "passwords are weak".
Webservers use certificates to encrypt the connection (online banking, webshops, you name it).
And much much more ....
So please update, at least this update, so you dont fall for this and you protect others by hardening your defense, so your computer wont be turned into a zombie.
BRAAAAAAAAAAAAAIIIIIIIIIIIIIIIIIIIIIIIIIIIINS! 😉
fantaskarsef
I also wonder how the NSA discovered that... what certs they had rigged and suffered from it.
And, iirc, that lately there's been rigged certs for update programs of large companies (Asus?), rigged certs for "security" software (Avira?).
Astyanax
windows 8.1 and 7 are immune 😀
sverek
Mundosold
This might be the nastiest security hole in 15+ years. Even specter/meltdown weren't this bad in terms of real world exploit potential.
Astyanax
mbk1969
Microsoft to Intel: Learn how to make vulnerabilities - more than 20 years and not a single scandal.
Zooke
kakiharaFRS
thanks for the news Guru3d clicked that like/bell update asap
tunejunky
like most of you i'm a bit caught off guard by the NSA acting like a regular joe. so much so, like you, that i'm entirely skeptical of this whole deal.
i still patched it tho 😳
geogan
Only reason NSA would release this information is if they found out enemies were using it too now. Otherwise they would have kept it to themselves and continued using it for ever.
Can you just imagine how many other exploits they know about, are using, and are not telling about?
They are NOT the good guys.
schmidtbag
It's within the NSA's interest to improve security among the general populous, hence the name of the organization. Whether or not you are secure from them is a completely different story. I doubt this patch is making their efforts to spy on you much harder, but, it probably makes it harder for others to do so.
So - if you just accept the fact the NSA is going to watch you no matter what, I'd consider this patch a win.
fry178
@fantaskarsef
unless foil is different where you live, its not tin,
so there is no tinfoil hat you can wear.
kakiharaFRS
https://en.wikipedia.org/wiki/Tin_foil_hat
Rich_Guy
JamesSneed