Microsoft has released a fix for a dangerous vulnerability affecting thousands of millions of PCs running Windows 10.
This vulnerability was discovered in a special cryptographic component of Windows CryptoAPI, which is several decades old. The component has a number of features, one of which requires developers to digitally sign their software to prove that the software has not been tampered with. But frustration can allow attackers to spoof the relevant software.e, which can make it easier for malware (ransomware) to run on the affected computer.
“The smoker will not be able to know that the file is malicious, so the digital signature must be obtained from a trusted vendor,” Microsoft said.
CERT-CC, the Carnegie Mellon University Vulnerability Disclosure Center, said in a product bulletin that the vulnerability could also be used to intercept and modify HTTPS (or TLS) connections.
How do I use Crunch’s output with other programs?
You will use the Format Crunch output and pipe it to other programs. The two most popular cracking programs are aircrack-ng and airlib-ng. The format is as follows: 1. Starting with version 2.6, Crunch will show hints about how much data to generate.
Microsoft said it found no evidence that attackers are actively exploiting their vulnerability and called the vulnerability “significant.”
Freelance security journalist Brian Krebs was the first to give details of the bug.
The National Security Agency, in a telephone conversation with reporters, confirmed that it had discovered this vulnerability and provided Microsoft with the necessary data so that the company can help create and install a fix.
Just a few years ago, a spy agency continued to be criticized for discovering and exploiting yet another Windows surveillance vulnerability.warnings instead of warning Microsoft about the vulnerability. The agency used the vulnerability to launch an exploit called EternalBlue, which found a way to stealthily access computers through a backdoor. But the exploit was likely later leaked and used to infect computers with thousands of dollars worth of WannaCry ransomware, causing millions of dollars in damage.
Anne Neuberger, director of cybersecurity at the NSA, told TechCrunch that after discovering the vulnerability, she went through the vulnerability assessment process, a decision-making process the government uses to test whether a bug should be kept under control for provocative use. security operations or must be disclosed to the provider. It is not clear if the NSA originally discovered the Offensive Ops bug, it was reported to Microsoft.
Neuberger agreed with Microsoft’s findings that Hadnsa was unable to explain why the attackers were actively exploiting the vulnerability.
Jake Williams, a former NSA hacker and founder of Rendition, told TechCrunch that it’s “reassuring” that the bug wasLiterally disclosed “and not as a weapon.”
Is Crunch texture compression related to AVPRO?
I’m using crunch texture data compression for some of my textures using the project. Maybe if they tell you it’s definitely related to AVPro. Also, I’ve tried and still can’t reproduce it in an empty project with AVPro only. I’ll double check in my project what went wrong.
“This is exactly the kind of error that many will probably find easier to deal with than the average hacker,” he said. “Not so long ago, this would have been the perfect feat for a couple associated with an online middleman access.”
Microsoft reportedly reported the Windows 10 and Windows Server 2016 outages, which were also affected, directly to the US government, the military and a number of leading companies before making the information public on Tuesday. , fears that the vulnerability could be exploited and vulnerable computers could be created during an active attack.
According to TechCrunch sources, the software giant holds a wide and narrow range of information about vulnerabilities, and few employees of the company are fully aware of their world. Only a few outside the company and the NSA, such as the government’s Cybersecurity Advisory Unit, the Cybersecurity and Infrastructure Security Agency, have been informed.
CISA also issued a directive requiring federal agencies to fix vulnerabilities.
Williams said that The next bug, which has now been fixed, is like “a clavicle to bypass any number most commonly associated with endpoint security checks,” he told TechCrunch.
Skilled attackers have long tried to disguise their malware as legitimate software, in some cases obtaining and stealing certificates. Last year, attackers stole your certificate from computer manufacturer Asus in order to sign a backdoor version associated with its software update tool. In fact, “hundreds of thousands” of Asus customers have been compromised with a combat tool available to the company as the owner of the server.
If the certificates are lost or stolen, they can be used to impersonate the main application, allowing the manufacturer to point out the malware and present it as if it was created by another developer.
Dmitry Alperovich, co-founder, director and chief technology officer of security company CrowdStrike, tweeted that the bug found by the NSA is a “critical issue.”
< Block Read>
“It’s great to see such a critical vulnerability being passed on to vendors rather than being weaponized by them.”