
Windows 10 users: UPDATE NOW! Certificate validation is broken! (NSA: Critical Vulnerability Advisory issued)

SinkFla

Member
Oct 26, 2017
3,745
Pensacola, Fl
Congrats you've all just downloaded a backdoor .exe that allows the NSA to access your inprivate browsing history and webcam/fap tracker.

jk thanks for the news I need to get home and do this asap lol
 

mhayes86

Member
Oct 27, 2017
1,697
Virginia
I guess this is what the "cryptic tweet" that was coming up from Krebs was referring to when trying to look up January 2020 patches yesterday. We're already working on our 2016 servers.
 

Nooblet

Member
Oct 25, 2017
5,793

Lagamorph

Member
Oct 26, 2017
4,609
I'm rather glad this doesn't look to be impacting Server 2012, that makes my job a LOT easier.
 

Militaratus

The Fallen
Oct 27, 2017
1,061
I am unable to update, currently on Build 19541.rs_prerelease.200102-1216. The Windows Update states there is no new update available!
 

Encephalon

Member
Oct 26, 2017
3,527
Japan
Installing 100%

Dot dot dot

Should it be moving to the next "pending install" after several min?

Edit: oh, it's just misleading. Now it's on 11%
 

kami_sama

Member
Oct 26, 2017
1,969
It downloaded these two, are these the updates? I don't really see Microsoft really describing it like it's a big deal. NSA says the update is called "CVE-2020-0601" but I don't see them being named that. Instead they are called "2020-01 cumulative update for .net...." and "2020-01 cumulative update for windows 10...."

The CVE moniker is to track vulnerabilities, not the update.
 

sweetmini

Member
Jun 12, 2019
1,214
Ah, the day I receive a full screen notification by Windows 7 because I MUST UPGRADE BECAUSE I AM OUT OF SUPPORT.
Yeah, not right now buddy, it will wait for the new computer.
 

RPG_Fanatic

Member
Oct 25, 2017
1,284
My computer downloaded an update last night, but I didn't check the update name. Would that be the cumulative update or will there be another one I need to apply when I get home?
 

Omega.X

Member
Oct 28, 2017
281
No update available here on Windows 10 Enterprise LTSC 1809. I thought this affected all versions of Win 10?
 

mhayes86

Member
Oct 27, 2017
1,697
Virginia
It downloaded these two, are these the updates? I don't really see Microsoft really describing it like it's a big deal. NSA says the update is called "CVE-2020-0601" but I don't see them being named that. Instead they are called "2020-01 cumulative update for .net...." and "2020-01 cumulative update for windows 10...."

As the poster above said, the CVE is the vulnerability identifier. Microsoft got a little confusing with their updates a few years ago; the CUs (cumulative updates) bundle a ton of patches together. It'll be in the 2020-01 CU for Windows 10 and Server 2016/2019.
 

YuriLowell

Member
Oct 26, 2017
1,932
Congrats you've all just downloaded a backdoor .exe that allows the NSA to access your inprivate browsing history and webcam/fap tracker.

jk thanks for the news I need to get home and do this asap lol
It's more likely that the NSA already knew about this and once some other nation also figured it out they had to patch.
 

Nerfgun

Member
Oct 25, 2017
4,589
*laughs in Macintosh*

seriously though, wow what a bug. it still astonishes me that we get these crazy cracks every so often. though it shouldn't.
 

firehawk12

Member
Oct 25, 2017
7,111
It's funny because in that Ars article people are wondering why the NSA would help close a vulnerability that would essentially let them spy on anyone they wanted and the speculation is that the risk of people exposing themselves to bad actors is greater than the benefit of being able to spy on them. lol
 

Deer

Member
Oct 29, 2017
227
good, good.

it will change your computing life.
Big Truth right here. I got an SSD around 2015 and it radically changed everything. Computing is a true pleasure nowadays, a singular and pure joy.

I can't stand visiting friends anymore that don't have SSDs, the sluggardly beasts they build their whole lives around make my whole being red, fuming in vexation. And the ease with which they could make that drastic change.. 🐱🏍💽
 

Chikor

Member
Oct 26, 2017
5,199
should I be changing passwords...?
Short answer: no.
Longer, please don't sue me answer: there are no known exploits right now that would be mitigated by changing your passwords. If your machine gets compromised an attacker can do a lot of things, including stealing your passwords, but if your machine is compromised, changing your password is not going to help much.
 

Psychotext

Member
Oct 30, 2017
4,751
Ugh, ffs. To do the update I had to do the major windows update... which has basically broken my PC as I'm getting permission errors all over the shop.

Edit - Had to roll it back. It had renamed my user folder and not copied everything over. POS. Oh well, guess I can't install the patch (needs 1903 or higher). Fuckwits.
 
OP
neoak

Member
Oct 25, 2017
3,343
Ugh, ffs. To do the update I had to do the major windows update... which has basically broken my PC as I'm getting permission errors all over the shop.

Edit - Had to roll it back. It had renamed my user folder and not copied everything over. POS. Oh well, guess I can't install the patch (needs 1903 or higher). Fuckwits.
There is one for 1809 and one for 1803

Yes, but there are multiple versions (cumulative updates):

KB4528760 - Windows 10 v1903/v1909 and Windows Server v1903/v1909
KB4534273 - Windows 10 v1809 and Server 2019
KB4534293 - Windows 10 v1803 and Server 2016 v1803
 

Hobbun

Member
Oct 27, 2017
911
Win10 told me I had an update this morning, which happened automatically when I shut down my computer. It will finish the update when I power up after getting home from work.

However, don't know what the update was, I hope it was associated with the one in this thread.
 

Rizific

Member
Oct 27, 2017
2,939
my damn work pc has been trying and failing to update to 1903 for the past year. how do i fix this bs?
 

canonj

Member
Oct 27, 2017
113
Ask Woody, who I trust about these things, says there's no rush to update since there are no exploits yet. I always like to wait a week or two after Patch Tuesday before applying the patches in case they break anything.
 
OP
neoak

Member
Oct 25, 2017
3,343
Ask Woody, who I trust about these things, says there's no rush to update since there are no exploits yet. I always like to wait a week or two after Patch Tuesday before applying the patches in case they break anything.
Yeah, that's the wrong mindset. The whole point is to prevent it, but sure, listen to the guy with a blog and not to those who actually know how to weaponize this and are warning about it.

People like him are why WannaCry had such a wide reach: people didn't patch.
 

Psychotext

Member
Oct 30, 2017
4,751


Very helpful, lol.

I give up. That's supposedly the 1803 update for x64... but it ain't playing ball.