Quickly Patch A New Critical Windows 10 Flaw Discovered by the NSA – Tempemail – Blog – 10 minute

After Adobe today releases its first Patch Tuesday updates for 2020, Microsoft has now also published its January security advisories warning billions of users of new vulnerabilities in its various products.
What’s so special about today’s is that one of the updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 editions that was discovered and reported to the company by the Tempemail Security Agency (NSA) of the United States.

What’s more interesting is that this is the first security flaw in Windows OS that the NSA reported responsibly to the Microsoft, unlike Eternalblue SMB flaw that the agency kept secret for at least five years, and then was leaked to the public by a mysterious group and caused WannaCry menace in 2017.

CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability

According to an advisory released by Microsoft, the flaw, dubbed ‘NSACrypt’ and tracked s CVE-2020-0601, resides in the Crypt32.dll module that contains various ‘Certificate and Cryptographic Messaging functions’ used by the Windows Crypto API for handling encryption and decryption of data.
The issue resides in the way Crypt32.dll module validates Elliptic Curve Cryptography (ECC) certificates that are currently the industry standard for public-key cryptography and is used in the majority of SSL/TLS certificates.
In a press release published by the NSA, “the certificate validation vulnerability allows an attacker to undermine how Windows verifies cryptographic trust and can enable remote code execution.”
Exploitation of the vulnerability allows attackers to:

HTTPS connections
Signed files and emails
Signed executable code launched as user-mode processes

Though technical details of the flaw are not yet available to the public, Microsoft confirms the flaw, which if exploited successfully, could allow attackers to spoof digital signatures on software, tricking the operating system into installing malicious software while impersonating the identity of any legitimate software—without users’ knowledge.

“A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates,” the microsoft advisory says.
“An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious because the digital signature would appear to be from a trusted provider.”
Besides this, the flaw in CryptoAPI could also make it easy for remote man-in-the-middle attackers to impersonate websites or decrypt confidential information on user connections to the affected software.
“This vulnerability is classed Important and we have not seen it used in active attacks,” the microsoft said in a separate blog post.
“This vulnerability is one example of our partnership with the security research community where a vulnerability was privately disclosed and an update released to ensure customers were not put at risk.”
“The consequences of not patching the vulnerability are severe and widespread. Remote exploitation tools will likely be made quickly and widely available,” the NSA said.
There is no mitigating or workaround available for this vulnerability, so you’re highly recommended to install the latest software updates by heading on to your Windows Settings → Update & Security → Windows Update → clicking ‘Check for updates on your PC.’

Tempemail , Tempmail Temp email addressess (10 minutes emails)– When you want to create account on some forum or social media, like Facebook, Reddit, Twitter, TikTok you have to enter information about your e-mail box to get an activation link. Unfortunately, after registration, this social media sends you dozens of messages with useless information, which you are not interested in. To avoid that, visit this Temp mail generator: tempemail.co and you will have a Temp mail disposable address and end up on a bunch of spam lists. This email will expire after 10 minute so you can call this Temp mail 10 minute email. Our service is free! Let’s enjoy!

Adobe Releases First 2020 Patch Tuesday Software Updates – Tempemail – Blog – 10 minute

Adobe today released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator.
It’s the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users.
Moreover, none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild.

5 of the 9 security vulnerabilities are ‘critical’ in severity, and all of them affect Adobe Illustrator CC versions 24.0 and earlier, which were reported to the company by Fortinet’s FortiGuard Labs researcher Honggang Ren.
According to an advisory published by Adobe, all five critical issues in Adobe Illustrator software are memory corruption bugs that could allow an attacker to execute arbitrary code on targeted systems in the context of the current user.
The rest 4 security vulnerabilities affect Adobe Experience Manager—a comprehensive content management solution for building websites, mobile apps, and forms—none of which are critical in severity but should be patched at your earliest convenience.
That’s also because Adobe has marked security updates for Adobe Experience Manager with a priority rating of 2, which means similar flaws have previously been seen exploited in the wild, but for now, the company has found no evidence of any exploitation of these vulnerabilities in the wild.

These reported issues—which include: reflected cross-site scripting, user interface injection, and expression language injection—affect multiple versions of Adobe Experience Manager, all leading to sensitive information disclosure, where three of them are important in severity and one moderate.
Adobe today released Illustrator CC 2019 version 24.0.2 for Windows operating system and patches for Adobe Experience Manager versions 6.3, 6.4, and 6.5.
Adobe recommends end-users and administrators to install the latest security updates as soon as possible to protect their systems and businesses from potential cyber-attacks.

Tempemail , Tempmail Temp email addressess (10 minutes emails)– When you want to create account on some forum or social media, like Facebook, Reddit, Twitter, TikTok you have to enter information about your e-mail box to get an activation link. Unfortunately, after registration, this social media sends you dozens of messages with useless information, which you are not interested in. To avoid that, visit this Temp mail generator: tempemail.co and you will have a Temp mail disposable address and end up on a bunch of spam lists. This email will expire after 10 minute so you can call this Temp mail 10 minute email. Our service is free! Let’s enjoy!

Bethesda’s latest patch for Doom 1 and 2 adds 60 FPS support, community-made content packs, and more – Blog – 10 minute

In context: Just about every gamer has heard of the Doom franchise. Whether they came to the party late and started with more recent titles, or began their demon-slaying adventures with the original games, players have been consistently entertained by the series for years now. It’s not hard to see why, either — Doom games are fast-paced, action-packed, and above all, brutal.
Of course, some of the credit for the series’ longevity has to go to the community that surrounds it. Players have created custom levels for its earliest entries (Doom 1 & 2), added new features, and even rebuilt the games entirely in the case of some specific mods.
Now, according to PC Gamer, Bethesda is using some of that community content to improve the aging classics for modern times. The company is accomplishing this by rolling out add-on support for the original Doom and its sequel.
Similar to some of Bethesda’s community-created content features in other games (such as the controversial Creation Club), add-ons will be curated and approved by the company before becoming officially available. Like the Creation Club, this content will be accessible in-game when you boot up Doom 1 or 2’s respective enhanced editions through the Bethesda launcher.

These add-ons will mostly be level packs and overhaul mods — some new, some old — but Bethesda has also independently added a few other modern features to the games. Some examples include support for 60 FPS gameplay (it’s unclear if you’re able to go higher or not), quicksave/quickload functionality, and even improved controls.
For a full list of the features arriving with the latest patch for Doom 1 & 2, check out Bethesda’s official changelog right here. If you don’t yet have the games, both titles will only run you $5 each on Bethesda.net.

Related Reads

10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes.Tempemail.co – is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something anonymously on Internet.

Tempemail , Tempmail Temp email addressess (10 minutes emails)– When you want to create account on some forum or social media, like Facebook, Reddit, Twitter, TikTok you have to enter information about your e-mail box to get an activation link. Unfortunately, after registration, this social media sends you dozens of messages with useless information, which you are not interested in. To avoid that, visit this Temp mail generator: tempemail.co and you will have a Temp mail disposable address and end up on a bunch of spam lists. This email will expire after 10 minute so you can call this Temp mail 10 minute email. Our service is free! Let’s enjoy!

Mozilla releases patch for a severe vulnerability in Firefox that’s being actively exploited – Blog – 10 minute

In brief: While it’s always a good idea to keep your operating system and apps up to date, we’ve become so dependent on web browsers that they sometimes need to be patched several times a week to fix glaring security issues that hackers are eager to exploit. Such is the case with the latest Firefox update, which patches a serious bug that makes it easy for someone to take complete control of your system.
If you’re using Firefox as your go-to web browser, you might want to update it as soon as possible. Earlier today, Mozilla rushed out version 72.0.1 (and ESR 68.4.1) to fix a vulnerability that is actively being exploited in the wild to take complete control of machines running the vulnerable bits of the popular open source browser.
If you need another reason to be worried about using an unpatched version, the United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory explaining that there is sufficient evidence that hackers are taking advantage of this zero-day flaw.

Mozilla says the vulnerability was uncovered and reported by researchers at China-based Qihoo 360. Apparently, a bug indexed as CVE-2019-17026 is a “type confusion” vulnerability that affects the IonMonkey just-in-time compiler that’s an essential part of Mozilla’s SpiderMonkey JavaScript engine.
In simple terms, it’s a memory bug where a program allocates resources as one type but later accesses those resources as a different type. This allows attackers to access data stored in other memory locations that are normally off-limits, and execute code on a vulnerable system through specially crafted web pages.
The flaw has been fixed in Firefox 72.0.1, just 24 hours after version 72 was released with fixes for 11 other vulnerabilities. Last year, two serious zero-day flaws allowed attackers to slip a largely undetected backdoor on Macs used by operators of cryptocurrency exchange Coinbase.

Related Reads

10 minutes mail – Also known by names like : 10minemail, 10minutemail, 10mins email, mail 10 minutes, 10 minute e-mail, 10min mail, 10minute email or 10 minute temporary email. 10 minute email address is a disposable temporary email that self-destructed after a 10 minutes.Tempemail.co – is most advanced throwaway email service that helps you avoid spam and stay safe. Try tempemail and you can view content, post comments or download something anonymously on Internet.

Tempemail , Tempmail Temp email addressess (10 minutes emails)– When you want to create account on some forum or social media, like Facebook, Reddit, Twitter, TikTok you have to enter information about your e-mail box to get an activation link. Unfortunately, after registration, this social media sends you dozens of messages with useless information, which you are not interested in. To avoid that, visit this Temp mail generator: tempemail.co and you will have a Temp mail disposable address and end up on a bunch of spam lists. This email will expire after 10 minute so you can call this Temp mail 10 minute email. Our service is free! Let’s enjoy!