And here’s the full story:
The disclosure represents a major shift in the agency’s approach, choosing to put computer security ahead of building up its arsenal of hacking tools.
I can’t wait to hear about all the exploits in Windows 7 starting tomorrow.
Ironically, since the cryptographic update is for Windows 10 only, for today Windows 7 is the most secure OS in the Windows family.
And here’s the patch index page for today:
For the latest Patch Updates from Microsoft and third-party vendors, bookmark the Automox January 2020 Patch Tuesday Index, updated live throughout the day.
And here’s the ever hilarious analysis from The Register:
Grab your Microsoft, Adobe, SAP, Intel, and VMware fixes now
Here’s our blog breakdown:
Let Automox help break down the first Patch Tuesday of 2020. We cover critical updates from Microsoft as well as other third-party application releases that will help secure your environment.
We also got some good press around sharing our analysis and recommendations:
January 2020 Patch Tuesday: the "star of the show" is a Windows flaw that could allow attackers to successfully spoof code-signing certificates.
The software giant patched 300+ bugs in its quarterly update.
Multiple U.S. Government agencies are urging Windows 10 users to update as soon as possible.
In case you don’t follow Swift on Security, here’s their take on things:
More details on the proof of concept exploit:
Two proof-of-concept exploits published for the CurveBall (CVE-2020-0601) vulnerability.
And the researchers used the proof of concept to rickroll the NSA:
Attack demoed less than 24 hours after disclosure of bug-breaking certificate validation.
Looks like the patch is having problems for some people:
Another fail – and this time it’s serious
Has anyone run into this?
