Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://techhub.social/@dashjackson" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dashjackson</span></a></span> <span class="h-card" translate="no"><a href="https://social.glitched.systems/@froge" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>froge</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@arstechnica" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>arstechnica</span></a></span> this isn't new either.</p><ul><li><a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> refuses to fix their <a href="https://infosec.space/tags/CrpytoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CrpytoAPI</span></a> <a href="https://infosec.space/tags/Backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Backdoor</span></a> so anything that uses it (all browsers excpet <a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> &amp; <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBrowser</span></a> as well as all eMail clients except <a href="https://infosec.space/tags/Thunderbird" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Thunderbird</span></a>) are vulnerable, and that vulnerable is trigger-able with a single HTTPS request.</li></ul><p><a href="https://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/kkarhan/windows-ca-</span><span class="invisible">backdoor-fix</span></a></p>