|
https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
|
# ? Jan 14, 2020 19:39 |
|
decrypt yourself and face to exploit
|
# ? Jan 14, 2020 19:44 |
|
Shame Boy posted:lol the link is timing out now basically the summary is not publicly disclosed but dead simple exploitability and no mitigations besides patching so enjoy
|
# ? Jan 14, 2020 19:53 |
|
This is a hell of a final public patch for win7 e:nm win10/2016+ because 7 isn't supporting ecc certs
|
# ? Jan 14, 2020 19:54 |
|
nice remote desktop gateway unauth rces as well, cve-2020-0654 must be the most dangerous vuln in it all
|
# ? Jan 14, 2020 19:56 |
|
Owch TLS mitm bugs are never fun, someone is having a very bad couple weeks. I'm not sure why they put code signing first, that's far less mattering.
|
# ? Jan 14, 2020 19:58 |
|
except you can MITM Windows Update
|
# ? Jan 14, 2020 20:01 |
|
apseudonym posted:Owch TLS mitm bugs are never fun, someone is having a very bad couple weeks.
Windows Update, SCCM agent, WSUS, Java Updater, Adobe Updater, AV updaters are all going to be using code signature validation to make sure the packages they are running are legit and either already have system privs or will be implicitly trusted by the user if they throw a UAC dialog for update. The TLS intercept is less of a problem if you can still rely on code signing, but you can't and that gives you a pre-built foothold
|
# ? Jan 14, 2020 20:17 |
|
Gonna have fun with this one for years
|
# ? Jan 14, 2020 20:29 |
|
lain can we return to before this tweet? pretty please?!
|
# ? Jan 14, 2020 20:33 |
|
cinci zoo sniper posted:lain can we return to before this tweet?
dehumanize yourself and face to Windows 7
|
# ? Jan 14, 2020 20:54 |
|
Lol
|
# ? Jan 14, 2020 20:55 |
|
BangersInMyKnickers posted:Windows Update, SCCM agent, WSUS, Java Updater, Adobe Updater, AV updaters are all going to be using code signature validation to make sure the packages they are running are legit and either already have system privs or will be implicitly trusted by the user if they throw a UAC dialog for update. The TLS intercept is less of a problem if you can still rely on code signing, but you can't and that gives you a pre-built foothold
TLS mitms are enough for full device control even without code signing compromises, I've found bugs like this in other things and they are not fun times.
E: https://twitter.com/taviso/status/1217157205939519489
apseudonym fucked around with this message at 21:21 on Jan 14, 2020
|
# ? Jan 14, 2020 21:17 |
|
surprised the nsa let this one go, it sounds like their dreams come true. I guess they figured someone else was going to find it soon?
|
# ? Jan 14, 2020 22:02 |
|
Seems like the vulnerability equities process is working
|
# ? Jan 14, 2020 22:07 |
|
NSA and the rest of our government is dependent on Windows the same as anyone else. The cat being out of the bag on this would bite them in the rear end just as much as they could use it, better to disclose. If the NSA is going to backdoor something, it's going to be something much more subtle and harder to discover/exploit
|
# ? Jan 14, 2020 22:09 |
|
yeah, this would get your foot in the door pretty much anywhere in the world, and once you're there you can waltz through everyone's terrible internal security practices.
Soricidus posted:surprised the nsa let this one go, it sounds like their dreams come true. I guess they figured someone else was going to find it soon?
big question, i think, is going to be how much power you need to exploit it. do you need a state actor budget or an intelligence firm budget? intelligence firm budget means we're already hosed, state actor budget means they probably got to it first.
|
# ? Jan 14, 2020 22:19 |
|
https://twitter.com/matthew_d_green/status/1217193082329808896
|
# ? Jan 14, 2020 22:20 |
|
lol for real https://twitter.com/kennwhite/status/1217186865016602632
|
# ? Jan 14, 2020 22:21 |
|
Windows :
|
# ? Jan 14, 2020 23:48 |
|
GWBBQ posted:or already did SETEC ASTRONOMY
|
# ? Jan 15, 2020 00:43 |
|
Malloc Voidstar posted:https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
If the NSA is going to be doing more disclosures like this I hope it'll improve the quality of vuln disclosure. No clever name or lovely marketing, it's refreshing.
|
# ? Jan 15, 2020 01:13 |
|
apseudonym posted:If the NSA is going to be doing more disclosures like this I hope it'll improve the quality of vuln disclosure.
i'm calling this one nsableed and i hope everyone itt follows suit
|
# ? Jan 15, 2020 01:32 |
|
oooh, nosebleed
|
# ? Jan 15, 2020 01:33 |
|
redleader posted:oooh, nosebleed
|
# ? Jan 15, 2020 01:38 |
|
LetsDecrypt
|
# ? Jan 15, 2020 03:17 |
|
ewiley posted:LetsDecrypt
|
# ? Jan 15, 2020 04:11 |
|
redleader posted:oooh, nosebleed
|
# ? Jan 15, 2020 04:20 |
|
pseudorandom name posted:except you can MITM Windows Update
not since FLARE
|
# ? Jan 15, 2020 07:03 |
|
and pocs are appearing: https://twitter.com/saleemrash1d/status/1217495681230954506
|
# ? Jan 15, 2020 20:54 |
|
ewiley posted:LetsDecrypt
|
# ? Jan 15, 2020 22:01 |
|
oh joy now the higher ups are spooked because there are POCs out for the windows cert vuln and they're making me inspect every loving boring phishing email to MAKE EXTRA SURE they aren't using one of them
|
# ? Jan 15, 2020 22:45 |
|
Wiggly Wayne DDS posted:and pocs are appearing:
|
# ? Jan 15, 2020 22:51 |
|
possibly stdh, but also, brilliant capturing of hostile resources https://twitter.com/saallyjohnsonn/status/1217190703392067584
|
# ? Jan 15, 2020 23:44 |
|
motoh posted:possibly stdh, but also, brilliant capturing of hostile resources
dude has pictures of them:
|
# ? Jan 15, 2020 23:48 |
|
Wiggly Wayne DDS posted:and pocs are appearing:
oh drat that’s faster than I expected. Defender can detect the signed binary and FF and chrome will probably throw some errors, but fuuuuuck this sucks
|
# ? Jan 15, 2020 23:56 |
|
CRIP EATIN BREAD posted:dude has pictures of them:
good poo poo
|
# ? Jan 16, 2020 00:01 |
|
motoh posted:possibly stdh, but also, brilliant capturing of hostile resources
|
# ? Jan 16, 2020 01:12 |
|
i don't see that anyone pasted the actual details of yesterday's windows vuln. i guess you can spoof any EC-using CA by using the spoofed CA's pubkey as the generator https://twitter.com/tqbf/status/1217518138885115906
|
# ? Jan 16, 2020 01:22 |
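The generator trick described in the post above, worked on a constructed textbook-sized curve, as an added example that is not from the thread or from anything it links to. The dict layout, function names and the private key value are assumptions for illustration; the point is that a root match on the public key alone accepts a look-alike, while also matching the curve parameters rejects it.

```python
# Toy curve y^2 = x^3 + 2x + 2 over F_17, generator (5, 1) of order 19.
# Constructed, textbook-sized parameters; real curves work the same way.
P, A = 17, 2
G_STD = (5, 1)

def add(p1, p2):
    """Add two curve points; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        s = (3 * x1 * x1 + A) * pow((2 * y1) % P, -1, P) % P
    else:
        s = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (s * s - x1 - x2) % P
    return (x3, (s * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def key_matches(priv, cert):
    """True if priv is the private key for cert's pubkey under cert's OWN generator."""
    return mul(priv, cert["generator"]) == cert["pubkey"]

def trusts_pubkey_only(cert, root):
    """Flawed root match: only the public key point is compared."""
    return cert["pubkey"] == root["pubkey"]

def trusts_full_params(cert, root):
    """Hardened root match: the generator must be the trusted one as well."""
    return cert["pubkey"] == root["pubkey"] and cert["generator"] == root["generator"]

ca_priv = 7  # hypothetical CA secret, known only to the real CA
trusted_root = {"generator": G_STD, "pubkey": mul(ca_priv, G_STD)}
# Look-alike root: same public key, but its generator is that public key,
# so private key 1 "belongs" to it without any knowledge of ca_priv.
lookalike = {"generator": trusted_root["pubkey"], "pubkey": trusted_root["pubkey"]}
```
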
|
ok, but apart from this isolated fuckup, crypto is just math and i can safely implement it myself without risking bad consequences, right?
|
# ? Jan 16, 2020 01:30 |