• Light/Dark
  • Ever wanted an RSS feed of all your favorite gaming news sites? Go check out our new Gaming Headlines feed! Read more about it here.

Windows 10 users: UPDATE NOW! Certificate validation is broken! (NSA: Critical Vulnerability Advisory issued)

Kyrios

Kyrios

Member
Oct 27, 2017
14,603
MazeHaze said:
What does this mean exactly? When I read shit like this all I see is a transcript of the Charlie Brown teacher
Click to expand...
Click to shrink...

From an article I read about it:

The vulnerability is found in a decades-old Windows cryptographic component, known as CryptoAPI. The component has a range of functions, one of which allows developers to digitally sign their software, proving that the software has not been tampered with. But the bug may allow attackers to spoof legitimate software, potentially making it easier to run malicious software — like ransomware — on a vulnerable computer.

"The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider," Microsoft said.
Click to expand...
Click to shrink...

DarknessTear said:
yeah, I'm downloading everything right now. Maybe the glitch won't happen again this time... not counting on it though.
Click to expand...
Click to shrink...

Hopefully not this time! lol
 
vestan

vestan

#REFANTAZIO SWEEP
Member
Dec 28, 2017
24,605
MazeHaze said:
Yeah, but wouldn't I need to specifically download a malicious file?
Click to expand...
Click to shrink...
You're telling me you aren't downloading malicious files on the daily?

GraveFixedFinwhale-max-1mb.gif
 
Bomblord

Bomblord

Self-requested ban
Banned
Jan 11, 2018
6,390
The old adage of "just don't click anything suspicious" or "just don't be stupid" on the internet is no longer relevant. Malicious ads, injected scripts, can and do download files to your PC. These ads are inserted into legitimate websites and inserted scripts can sometimes even bypass adblockers.

Unless you're willing to break your internet by running a noscript browser 24/7 on every site and manually approve every connection you are potentially vulnerable to an automated attack. And even with that it's possible for bots to hit your computer or network just by probing random IP addresses for known vulnerabilities.

Another common misconception I see is "I have nothing important no one would target me". Attacks aren't targeted, they're automated and just hit anything that is open.
 
Last edited:
OP
OP
neoak

neoak

Member
Oct 25, 2017
15,257
Bomblord said:
The old adage of "just don't click anything suspicious" or "just don't be stupid" on the internet is no longer relevant. Malicious ads, injected scripts, can and do download files to your PC. These ads are inserted into legitimate websites and inserted scripts can sometimes even bypass adblockers.

Unless you're willing to break your internet by running a noscript browser 24/7 on every site and manually approve every connection you are potentially vulnerable to an automated attack. And even with that it's possible for bots to hit your computer or network just by probing random IP addresses for known vulnerabilities.

Another common misconception I see is "I have nothing important no one would target me". Attacks aren't targeted, they're automated and just hit anything that is open.
Click to expand...
Click to shrink...
Definitely. People think that they can't be affected by stuff, which isn't true.
 
Nezacant

Nezacant

Member
Oct 27, 2017
2,085
Is the KB number the same for Windows Server?

EDIT: NVM I figured it out. The KB for Windows Server is KB4534273.
 
Last edited:
chromatic9

chromatic9

Member
Oct 25, 2017
2,003
VinceK said:
For people who are still on version 1803 of Windows 10 the update you need is KB4534293 that is this months cumulative update file.
Click to expand...
Click to shrink...

Not installed and not available. Is this just up for the US? Anyone in UK or Europe have these patches for 1803, 1903 or 1909?

KB4528760 - Windows 10 v1903/v1909 and Windows Server v1903/v1909

KB4534273 - Windows 10 v1809 and Server 2019

KB4534293 - Windows 10 v1803 and Server 2016 v1803
 
OP
OP
neoak

neoak

Member
Oct 25, 2017
15,257
chromatic9 said:
Not installed and not available. Is this just up for the US? Anyone in UK or Europe have these patches for 1803, 1903 or 1909?

KB4528760 - Windows 10 v1903/v1909 and Windows Server v1903/v1909

KB4534273 - Windows 10 v1809 and Server 2019

KB4534293 - Windows 10 v1803 and Server 2016 v1803
Click to expand...
Click to shrink...
It's worldwide.
 
Taker34

Taker34

QA Tester
Verified
Oct 25, 2017
1,122
building stone people
Great, have to manually download it from the Update Catalogue site since I'm getting error messages whenever I try to update automatically. Restarting the services, deleting the update files and even running their Win10 diag tool couldn't help me. Sometimes I genuinely hate Win10.
 
Minions

Minions

Member
Oct 25, 2017
423
Is Windows 7 Affected? Would be funny to see them have to release a patch 1 day after they "ended" patches.;

Edit- Seems these patches came out yesterday so windows 7 would still be included. Seems only Windows 10, Server 2016, Server 2019 are affected by this specific issue.
 
OP
OP
neoak

neoak

Member
Oct 25, 2017
15,257
Minions said:
Is Windows 7 Affected? Would be funny to see them have to release a patch 1 day after they "ended" patches.;

Edit- Seems these patches came out yesterday so windows 7 would still be included. Seems only Windows 10, Server 2016, Server 2019 are affected by this specific issue.
Click to expand...
Click to shrink...
7 is not affected.
 
Dogui

Dogui

Member
Oct 28, 2017
8,780
Brazil
I wonder if there's a way to install only the KB4528760 update and ignore the other 2, because damn this is slow af. First time updating something manually on W10, looks significantly slower compared with the auto before shutdown updates.
 
Jaypah

Jaypah

Member
Oct 27, 2017
2,866
Thanks for the heads up. Man, it's pretty boring here without my PC. Oh well, shouldn't be much longer.
 
VanillaCakeIsBurning

VanillaCakeIsBurning

Member
Oct 26, 2017
3,763
BadWolf said:
Installed some today, early in the morning.
Click to expand...
Click to shrink...

It might be due to a problem on my end.

I have a bunch of updates lined up but they all say "Pending Install" with no option to make them install. One is at "Initializing" and never goes beyond that.

There's no update option when I go to turn off my computer as well so I'm trying to figure out how I can make it update again.
 
OP
OP
neoak

neoak

Member
Oct 25, 2017
15,257
VanillaCakeIsBurning said:
It might be due to a problem on my end.

I have a bunch of updates lined up but they all say "Pending Install" with no option to make them install. One is at "Initializing" and never goes beyond that.

There's no update option when I go to turn off my computer as well so I'm trying to figure out how I can make it update again.
Click to expand...
Click to shrink...
Download the KB manually?

If not, try this:


or if that doesn't work:

 

Deleted member 23381

User requested account closure
Banned
Oct 28, 2017
5,029
I was gonna make a post about how I haven't updated my W10 since 2018 and wasn't gonna start now, but then I noticed MS stealthed one in on September 22nd, wtf guys.

qIjMB4Y.png
 
You must log in or register to reply here.