How would they target me specifically?Someone can use this to install fake updates that are automatically trusted by Windows.
How would they target me specifically?Someone can use this to install fake updates that are automatically trusted by Windows.
What does this mean exactly? When I read shit like this all I see is a transcript of the Charlie Brown teacher
The vulnerability is found in a decades-old Windows cryptographic component, known as CryptoAPI. The component has a range of functions, one of which allows developers to digitally sign their software, proving that the software has not been tampered with. But the bug may allow attackers to spoof legitimate software, potentially making it easier to run malicious software — like ransomware — on a vulnerable computer.
"The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider," Microsoft said.
yeah, I'm downloading everything right now. Maybe the glitch won't happen again this time... not counting on it though.
Ever heard of Ransomware?
Yeah, but wouldn't I need to specifically download a malicious file?
You're telling me you aren't downloading malicious files on the daily?Yeah, but wouldn't I need to specifically download a malicious file?
Ever heard of malicious ads?Yeah, but wouldn't I need to specifically download a malicious file?
Yes
Ever heard of malicious ads?
Anything you download off the web can be malicious.
Definitely. People think that they can't be affected by stuff, which isn't true.The old adage of "just don't click anything suspicious" or "just don't be stupid" on the internet is no longer relevant. Malicious ads, injected scripts, can and do download files to your PC. These ads are inserted into legitimate websites and inserted scripts can sometimes even bypass adblockers.
Unless you're willing to break your internet by running a noscript browser 24/7 on every site and manually approve every connection you are potentially vulnerable to an automated attack. And even with that it's possible for bots to hit your computer or network just by probing random IP addresses for known vulnerabilities.
Another common misconception I see is "I have nothing important no one would target me". Attacks aren't targeted, they're automated and just hit anything that is open.
Yes, but there are multiple versions (cumulative updates):
Thanks for this.Yes, but there are multiple versions (cumulative updates):
KB4528760 - Windows 10 and Server 2016/2019 v1903
KB4534273 - Windows 10 and Server 2016/2019 v1809
KB4534293 - Windows 10 and Server 2016/2019 v1803
ThanksYes, but there are multiple versions (cumulative updates):
KB4528760 - Windows 10 v1903/v1909 and Windows Server v1903/v1909
KB4534273 - Windows 10 v1809 and Server 2019
KB4534293 - Windows 10 v1803 and Server 2016 v1803
Thanks for thisYes, but there are multiple versions (cumulative updates):
KB4528760 - Windows 10 v1903/v1909 and Windows Server v1903/v1909
KB4534273 - Windows 10 v1809 and Server 2019
KB4534293 - Windows 10 v1803 and Server 2016 v1803
Yes, but there are multiple versions (cumulative updates):
KB4528760 - Windows 10 v1903/v1909 and Windows Server v1903/v1909
KB4534273 - Windows 10 v1809 and Server 2019
KB4534293 - Windows 10 v1803 and Server 2016 v1803
So no? cause there aren't any other updates for me 😕
Check the Update History. You may have installed it yesterday.
Yes, but there are multiple versions (cumulative updates):
KB4528760 - Windows 10 v1903/v1909 and Windows Server v1903/v1909
KB4534273 - Windows 10 v1809 and Server 2019
KB4534293 - Windows 10 v1803 and Server 2016 v1803
For people who are still on version 1803 of Windows 10 the update you need is KB4534293 that is this months cumulative update file.
It's worldwide.Not installed and not available. Is this just up for the US? Anyone in UK or Europe have these patches for 1803, 1903 or 1909?
KB4528760 - Windows 10 v1903/v1909 and Windows Server v1903/v1909
KB4534273 - Windows 10 v1809 and Server 2019
KB4534293 - Windows 10 v1803 and Server 2016 v1803
Thanks for this. Should be added to the OP.
7 is not affected.Is Windows 7 Affected? Would be funny to see them have to release a patch 1 day after they "ended" patches.;
Edit- Seems these patches came out yesterday so windows 7 would still be included. Seems only Windows 10, Server 2016, Server 2019 are affected by this specific issue.
Drive-by downloads are a thing, which will initiate a download without your consentYeah, but wouldn't I need to specifically download a malicious file?
Download the KB manually?It might be due to a problem on my end.
I have a bunch of updates lined up but they all say "Pending Install" with no option to make them install. One is at "Initializing" and never goes beyond that.
There's no update option when I go to turn off my computer as well so I'm trying to figure out how I can make it update again.