-
Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.
Windows 10 users: UPDATE NOW! Certificate validation is broken! (NSA: Critical Vulnerability Advisory issued)
- Thread starter neoak
- Start date
Congrats you've all just downloaded a backdoor .exe that allows the NSA to access your inprivate browsing history and webcam/fap tracker.
jk thanks for the news I need to get home and do this asap lol
Alternatively: The russians have found our already existing NSA backdoor so please patch it out.
It downloaded these two, are these the updates? I don't really see microsoft really describing it like it's a big deal. NSA says the update is called " CVE-2020-0601 " but I don't see them being named that. Instead they are called "2020-01 cumulative update for .net...." and "2020-01 cumulative update for windows 10...."
I am unable to update, currently on Build 19541.rs_prerelease.200102-1216. The Windows Update states there is no new update available!
Installing 100%
Dot dot dot
Should it be moving to the next "pending install" after several min?
Edit: oh, it's just misleading. Now it's on 11%
Dot dot dot
Should it be moving to the next "pending install" after several min?
Edit: oh, it's just misleading. Now it's on 11%
Been stuck on Getting Things Ready -70% for like an hour...
HAHAHA!
ME TOOO, YIKES!
I computer downloaded an update last night, but I didn't check the update name. Would that be the cumalative update or will there be another one I need to apply when I get home?
Same. Just started though, guess I have a long waitBeen stuck on Getting Things Ready -70% for like an hour...
OP
OP
As the poster above said, the CVE is the vulnerability identifier. Microsoft got a little confusing with their updates a few years ago; the CUs (cumulative updates) bundle a ton of patches together. It'll be in the 2020-01 CU for Windows 10 and Server 2016/2019.
It's more likely that the NSA already knew about this and once some other nation also figured it out they had to patch.
*laughs in Macintosh*
seriously though, wow what a bug. it still astonishes me that we get these crazy cracks every so often. though it shouldn't.
seriously though, wow what a bug. it still astonishes me that we get these crazy cracks every so often. though it shouldn't.
OP
OP
OP
OP
OP
OP
well. this was an unpleasant start of the day
anyway. manually started the update search and downloaded these updates
hope it's all okay now
anyway. manually started the update search and downloaded these updates
hope it's all okay now
It's funny because in that Ars article people are wondering why the NSA would help close a vulnerability that would essentially let them spy on anyone they wanted and the speculation is that the risk of people exposing themselves to bad actors is greater than the benefit of being able to spy on them. lol
Big Truth right here. I got an SSD around 2015 and it radically changed everything. Computing is a true pleasure nowadays, a singular and pure joy.
I can't stand visiting friends anymore that don't have SSDs, the sluggardly beasts they build their whole lives around make my whole being red, fuming in vexation. And the ease with which they could make that drastic change.. 🐱🏍💽
OP
OP
Short answer: no.
Longer, please don't sue me answer: there is no known exploits right now that would be mitigated by changing your passwords. If your machine get compromised an attacker can do a lot of things, including stealing your passwords, but if your machine is compromised, changing your password is not going to help much.
Ugh, ffs. To do the update I had to do the major windows update... which has basically broken my PC as I'm getting permission errors all over the shop.
Edit - Had to roll it back. It had renamed my user folder and not copied everything over. POS. Oh well, guess I can't install the patch (needs 1903 or higher). Fuckwits.
Edit - Had to roll it back. It had renamed my user folder and not copied everything over. POS. Oh well, guess I can't install the patch (needs 1903 or higher). Fuckwits.
Last edited:
OP
OP
There is one for 1809 and one for 1803
Win10 told me I had an update this morning, which happened automatically when I shut down my computer. It will finish the update when I power up after getting home from work.
However, don't know what the update was, I hope it was associated with the one in this thread.
However, don't know what the update was, I hope it was associated with the one in this thread.
OP
OP
Yeah, that's the wrong mindset. The whole point is to prevent it, but sure, listen to the guy with a blog and not to those who actually know how to weaponize this and are warning about it.
People like him is why WannaCry had such a wide reach: people didn't patch.
Last edited:
That's what I did... and then it fucked my install, so warning in advance for anyone going that way!
Thanks neoak for the pointer to the other version of the patch.
edit - LMAO, I can't even install the version that's for my build of Windows.
Last edited:
How forcing Windows to download latest cumulative update fucked up your install?
OP
OP
He went for the feature update because the only KB number listed in the thread was for 1903.
Very helpful, lol.
I give up. That's supposedly the 1803 update for x64... but it aint playing ball.