The morning after — I recommend that you hold off on installing this month’s patches
Yes, I know that everyone + brother is now chanting, “Patch, patch, patch!” in response to the NSA-revealed Win10 Crypt32 security hole.
I say it’s still too early for most Windows users to patch. There aren’t any widely available exploits, and no large-scale attack is imminent. Better to keep your head about you. Let’s see how the patches shake out.
If you’re in charge of a Server 2012, 2012 R2, 2016 or 2019-based network, and you’re running RD Gateway, the story’s much more complicated. See Susan’s post, next, for details.
We’re still at MS-DEFCON 2, in spite of what the NSA says. (And everybody else, for that matter.)
Details in Computerworld Woody on Windows.
By the way, those concerned about CVE-2020-0601 being used to break Windows Update… it ain’t gonna happen. See this Twitter thread. Also, this tweet from Tero Alhonen, quoting yesterday’s Microsoft Security Webcast: “The Crypto API vulnerability could not exploit or in any way remove the trustworthiness of Windows Update. Windows Updates as you know are multiply signed and it’s not possible to spoof Windows Update binaries using the Crypto API vulnerability.”
UPDATE: Great explainer from Tal Be’ery on Zengo: Cheating in Elliptic Curve Billiards.
UPDATE: Saleem Rashid has posted a working Proof of Concept for the Chrome (and presumably Chredge) browser. It throws a NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED error.