|
There are isolated problems with current patches, but they are well-known and documented on this site. |
Susan,
I read a short piece about a SSH flaw named Terrapin Attach with CVE-2023-48795. From what I read, the issue is not high enough for Microsoft to issue a patch via Windows Update. Apparently there is a patch available from MS and it has to be installed manually.
Is this on your radar and is it important enough to worry about?
[Moderator edit] split into a new topic
This is a MITM attack so it is very unlikely to be an issue at home / in your business, but may be an issue at public wifi spots.
If you use a VPN when connecting to public wifi you won’t have any issues.
If you don’t use a VPN, don’t connect to anything important on public wifi – wasn’t that always the case?
cheers, Paul
This morning I can’t locate the initial article that mentioned Terrapin Attack. One of the articles is https://jfrog.com/blog/ssh-protocol-flaw-terrapin-attack-cve-2023-48795-all-you-need-to-know/.
From what you and Paul-T wrote, Terrapin Attack is not something I need to worry about and that was the crux of my question.
Thanks to you and Paul_T for the responses.
Roughly 11 million Internet-exposed servers remain susceptible to a recently discovered vulnerability that allows attackers with a foothold inside affected networks. Once they’re in, attackers compromise the integrity of SSH sessions that form the lynchpin for admins to securely connect to computers inside the cloud and other sensitive environments…
Internet-wide scans performed Tuesday, the last day such data was available at the time of reporting, revealed that more than 11 million IP addresses exposing an SSH server remained vulnerable to Terrapin. Nearly a third of those addresses, 3.3 million, resided in the US, followed by China, Russia, Germany, Russia and Singapore. All of the unpatched implementations tracked by Shadowserver supported the required cipher modes…
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Notifications
