DoD is sending alerts that tomorrow's Microsoft patch must be applied ASAP...some special defense groups have already received and applied it.
What's at stake here is there is a massive exploit in the crypt32.dll file and there is the potential for adversaries to read all of your encrypted traffic, purloin your entire certificate library, and more or less ruin your day.
So apply that friggin' patch ASAP!!!
Yea, flaws in Crypt32.dll that handles all the crypographic APIs.
Or, you could just install Linux.
The patch is labeled CVE-2020-0601 and this needs to be patched RIGHT THE FUCK NOW!!!
NSA, FBI, DoD, pretty much everyone is shitting bricks over this one.
Long and short is Windows 10 and Windows Server (anything) is wide open to exploit until you patch.
Okay: what this exploit does is it allows a hacker/adversary to access your computer or network and manipulate your certificates to make hostile traffic look normal so it can easily transit your firewalls and other protection protocols.
Anyone who wants to steal my worthless identity at this stage of my own personal decline & fall is more than welcome to it. Here's hoping that they have better luck at being me than I ever did.
Thanks, but there's a lifetime of evidence firmly pointing to the contrary.
Excellent. Something else for companies to not patch and me to exploit.
Windows has been checking for updates for 3 days solid.
Downloaded the patch directly yesterday, it's been 'checking for installed updates' since 6 last night.
Updated a customer's laptop yesterday to Win 10, it fails checking for updates.
WTF did Msoft crash?
Sorry Doc, I'm a Debian fan....
Can't we all just throw these evil machines out and go back to talking on the phone, or meeting together for drinks at the golf course?