by tptacek
2342 days ago
This attack targets the nuts and bolts of how the Windows platform actually implements TLS; a vulnerability in CryptoAPI that allowed you to spoof any ECC certificate would presumably break all of TLS. What might mitigate this in Windows Software Update would be some kind of key pinning that prevented arbitrary certificates from being used. Later Dmitri Alperovitch at Crowdstrike says this doesn't impact Windows Update.