Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.linux.pizza/@marjolica" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>marjolica</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@utf_7" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>utf_7</span></a></span> <span class="h-card" translate="no"><a href="https://techhub.social/@dashjackson" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dashjackson</span></a></span> <span class="h-card" translate="no"><a href="https://social.glitched.systems/@froge" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>froge</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@arstechnica" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>arstechnica</span></a></span> It'll impact <em>any</em> application that uses <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a>' <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAPI</span></a> and doesn't come with it's own <a href="https://infosec.space/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encryption</span></a> Library and <a href="https://infosec.space/tags/CertificateManagment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CertificateManagment</span></a>.</p><ul><li>IDK if the <em>"<a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> Subsystem for <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a>"</em> (The real <em>"<a href="https://infosec.space/tags/WindowsSubsystemForLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WindowsSubsystemForLinux</span></a>"</em> is <a href="https://infosec.space/tags/Wine" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Wine</span></a>!) may or may not be as <a href="https://infosec.space/tags/cursed" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cursed</span></a> as to just wrap said functions into the <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAPI</span></a> instead of doing it with the applications' dependencies.</li></ul><p>Needless to say all <a href="https://infosec.space/tags/Chromium" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chromium</span></a> variants and <a href="https://infosec.space/tags/IE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IE</span></a> / <a href="https://infosec.space/tags/Edge" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Edge</span></a> are vulnerable to this <a href="https://infosec.space/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoor</span></a> which exists since at least <a href="https://infosec.space/tags/WindowsXP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WindowsXP</span></a> to this day!</p><ul><li>Thus consider said <a href="https://infosec.space/tags/OS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OS</span></a> <em>inherently unsafe!</em></li></ul>