Microsoft patches crypt32.dll vulnerability that allows certificate spoofing

Well... the NSA advises you to install the patch to the discovered vulnerability they discovered... wait, let me get my tin foil, I'll be right back 😀
fantaskarsef:

Well... the NSA advises you to install the patch to the discovered vulnerability they discovered... wait, let me get my tin foil, I'll be right back 😀
Pfttt... NSA, can you believe they used to try putting listening devices inside our homes? Hey alexa, play despacito.
I already posted this yesterday and urged users to update. Yes, it is really THIS bad. If unpatched, you could fall for spoofed certificates because your computer would think they are valid. VPNs use certificates mostly, because "passwords are weak". Webservers use certificates to encrypt the connection (online banking, webshops, you name it). And much, much more... So please update, at least this update, so you don't fall for this and you protect others by hardening your defense, so your computer won't be turned into a zombie. BRAAAAAAAAAAAAAIIIIIIIIIIIIIIIIIIIIIIIIIIIINS! 😉
I also wonder how the NSA discovered that... what certs they had rigged and suffered from it. And, iirc, that lately there's been rigged certs for update programs of large companies (Asus?), rigged certs for "security" software (Avira?).
Windows 8.1 and 7 are immune 😀
fantaskarsef:

I also wonder how the NSA discovered that... what certs they had rigged and suffered from it. And, iirc, that lately there's been rigged certs for update programs of large companies (Asus?), rigged certs for "security" software (Avira?).
NSA: hey M$ remember the backdoor we asked you to open? M$: yeah NSA: close it, we found better one M$: oh... ok
This might be the nastiest security hole in 15+ years. Even Spectre/Meltdown weren't this bad in terms of real world exploit potential.
Mundosold:

This might be the nastiest security hole in 15+ years. Even Spectre/Meltdown weren't this bad in terms of real world exploit potential.
It covered a specific certificate chain which is not widely used.
Microsoft to Intel: Learn how to make vulnerabilities - more than 20 years and not a single scandal.
sverek:

NSA: hey M$ remember the backdoor we asked you to open? M$: yeah NSA: close it, we found better one M$: oh... ok
I think the conversation went more along the lines of NSA Mr X: Holy Shit, has found out about the certificate exploit we have been using for years. NSA Boss: Damn, let MS know, tell them we only discovered it yesterday. Tell them to publicly thank us too, make people think we have done it for their safety. NSA Mr X: Spy on everyone for years and still come out of it smelling of roses, that's why you're the boss, Boss.
thanks for the news Guru3d clicked that like/bell update asap
Like most of you, I'm a bit caught off guard by the NSA acting like a regular Joe. So much so, like you, that I'm entirely skeptical of this whole deal. I still patched it tho 😳
Only reason NSA would release this information is if they found out enemies were using it too now. Otherwise they would have kept it to themselves and continued using it forever. Can you just imagine how many other exploits they know about, are using, and are not telling about? They are NOT the good guys.
It's within the NSA's interest to improve security among the general populace, hence the name of the organization. Whether or not you are secure from them is a completely different story. I doubt this patch is making their efforts to spy on you much harder, but it probably makes it harder for others to do so. So, if you just accept the fact the NSA is going to watch you no matter what, I'd consider this patch a win.
@fantaskarsef unless foil is different where you live, it's not tin, so there is no tinfoil hat you can wear.
Astyanax:

Windows 8.1 and 7 are immune 😀
Yeah, should have stuck with those, more secure :P
fry178:

@fantaskarsef unless foil is different where you live, it's not tin, so there is no tinfoil hat you can wear.
Tin foil existed prior to aluminum being invented. The name "tin foil hat" dates back to those days when it was an actual product. The name has simply stuck. I personally think it is a lot easier to say than "aluminum foil hat" so I won't complain.