Update Windows 10 as soon as possible to patch broken X.509 certificate validation

https://alternativeto.net/news/2020/1/update-windows-10-as-soon-as-possible-to-patch-broken-x-509-certificate-validation/

The United States National Security Agency has released an advisory notifying Small Windows 10 iconWindows 10 users to update their operating system as quickly as possible. The portion of Windows 10’s cryptography library that validates public key certificates that utilize the X.509 standard contains a vulnerability. This vulnerability can be used to forge a software signing certificate with Windows not realizing that it’s fake. This can be used by attackers to dupe users into installing malicious versions of applications.

1 Like

Someone somewhere said that if you don’t patch soon, you won’t know that the patches are coming from Microsoft.

People using Windows…sigh. When will they learn.

1 Like

Never. Where I live, practically every state department, hospitals and that kind of things use windows XP or 7, if were a hacker I would hack them out of fun because it would be so easy to use an exploit that it is years old and can still be applied. These people have important files in there, not such private data, that’s the worst part.

Yes this is extremely concerning but this is a massive problem as hospitals for example need to buy a licence for every machine. I don’t know how many machines in a typical hospital, but it must be in the hundreds. Also, there are specific applications that may break with the upgrade. Also, some of these hospitals may just be lazy and not care about their patient file security.

Munic in Germany switched from Linux back to Windows. The mind boggles.

Complaining about “the others” doesn’t change anything. The same is true for the infamous war of instant messengers. Most people have reasons for things they do, and complaining about other people’s reasons results in forcing others to be like yourself.