Update Windows 10 as soon as possible to patch broken X.509 certificate validation


The United States National Security Agency has released an advisory notifying Small Windows 10 iconWindows 10 users to update their operating system as quickly as possible. The portion of Windows 10’s cryptography library that validates public key certificates that utilize the X.509 standard contains a vulnerability. This vulnerability can be used to forge a software signing certificate with Windows not realizing that it’s fake. This can be used by attackers to dupe users into installing malicious versions of applications.

1 Like

Someone somewhere said that if you don’t patch soon, you won’t know that the patches are coming from Microsoft.

People using Windows…sigh. When will they learn.

1 Like

Never. Where I live, practically every state department, hospitals and that kind of things use windows XP or 7, if were a hacker I would hack them out of fun because it would be so easy to use an exploit that it is years old and can still be applied. These people have important files in there, not such private data, that’s the worst part.

Yes this is extremely concerning but this is a massive problem as hospitals for example need to buy a licence for every machine. I don’t know how many machines in a typical hospital, but it must be in the hundreds. Also, there are specific applications that may break with the upgrade. Also, some of these hospitals may just be lazy and not care about their patient file security.

Munic in Germany switched from Linux back to Windows. The mind boggles.

Complaining about “the others” doesn’t change anything. The same is true for the infamous war of instant messengers. Most people have reasons for things they do, and complaining about other people’s reasons results in forcing others to be like yourself.

1 Like

In relation to the subject: https://darknetdiaries.com/episode/57/

Discusses the activity within Microsoft whenever a major vulnerability is discovered in Windows.

This post was flagged by the community and is temporarily hidden.