[Boneh-crypto-course] It’s Patch Tuesday
Jason Orendorff
jason.orendorff at gmail.com
Wed Apr 11 10:13:54 CDT 2012
Microsoft released patches for all versions of Windows yesterday,
fixing this bug (and others):
https://technet.microsoft.com/en-us/security/bulletin/ms12-024
"A remote code execution vulnerability exists in the Windows
Authenticode Signature Verification function used for portable
executable (PE) files. An anonymous attacker could exploit the
vulnerability by modifying an existing signed executable file to
leverage unverified portions of the file in such a way as to add
malicious code to the file without invalidating the signature. An
attacker who successfully exploited this vulnerability could take
complete control of an affected system. [...] An attacker could modify
an existing signed file to include malicious code without invalidating
the signature."
Oops.
-j
More information about the Boneh-crypto-course
mailing list