-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
I just noticed that Microsoft silently patched the RedSun vulnerability, no CVE, no nothing, just a silent patch. Not surprised they never admit their mistakes but considering it was under active exploitation, having zero advisory is insane.
Now regarding YellowKey, lots of you are wondering: how does one even find such a backdoor?
I'll tell you how, it took me more time trying to get it to work than the amount of sleep I had in two years combined. No AI involved, no help in any shape or form. I could have made some insane cash selling this but no amount of money will stand between me and my determination against Microsoft.
Funny thing is, no one and I say again NO ONE has managed to figure out how YellowKey works, the real root cause is still not unknown by the general public. I think it will take a while even for MSRC to find the real root cause of the issue. I just never managed to understand why this vulnerability is sooo well hidden.
Second thing is, no, TPM+PIN does not help; the issue is still exploitable regardless. I asked myself this question: can it still work in a TPM+PIN environment? Yes, it does. I'm just not publishing the PoC; I think what's out there is already bad enough.
I can't wait until I'm allowed to disclose the full story. I think people will find my crashout very reasonable, and it definitely won't be a good look for Microsoft.
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQRJTvAf/AWVhAKEeb7FFoRCS0/SbAUCagRfWwAKCRDFFoRCS0/S
bDlGAP42z1Tck5TFPhaUbrC7WHcDwzr/ajAPLfj2ttXKfph30gEAm0KIZyf874gb
WAAGxop9J4RtzHIcQG6iPd1UqmWxhwM=
=xXqu
-----END PGP SIGNATURE-----