- cross-posted to:
- cybersecurity@sh.itjust.works
- cross-posted to:
- cybersecurity@sh.itjust.works
You must log in or register to comment.
Yall remember eternal blue? no? only me?
Yeah … im never putting any of Micro$oft products on anything I need to be secure … ever
Remember regreSSHion?
All software has serious security vulnerabilities.
RegreSSHion is overblown … it was quickly patched and it was not reliably reproducible every time. It depended on “Luck” to have pointer fall on the right memory space in order to allow the code execution.
I think Terrapin was much much worse … and log4j … log4j was a DISASTER … but point taken.
I wasn’t shrilling my choice of OS tho, I think eternal blue is a lot worse than those other CVEs because the NSA KNEW about it and did not disclose it, and because Windows has a much wider user base of clueless users that easily fooled.
Well by all means then, let’s run our governments and banks on Windows! 🙄
If it’s a zero day then Microsoft didn’t know about it. If Microsoft knew about the exploit for a year it was not a zero day.
Zero Day just means that you have zero days to fix it before it becomes a problem. Doesn’t mean that you actually take zero days to fix it.
What? No it doesn’t, it means that the exploit has been known for zero days, aka it’s an unknown exploit.
A zero-day (also known as a 0-day) is a vulnerability in software or hardware that is typically unknown to the vendor and for which no patch or other fix is available. The vendor has zero days to prepare a patch as the vulnerability has already been described or exploited.
From wiki
