Fraudulent Digital Certificates Could Allow Spoofing

Page 1 of 2 12 LastLast

    Fraudulent Digital Certificates Could Allow Spoofing


    Last Updated: 06 Sep 2011 at 14:56
    Microsoft Security Advisory (2607712)
    Fraudulent Digital Certificates Could Allow Spoofing

    General Information

    Executive Summary

    Microsoft is aware of at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store, on all supported releases of Microsoft Windows. Although this is not a vulnerability in a Microsoft product, Microsoft is taking action to protect customers.

    Microsoft has been able to confirm that one digital certificate affects all subdomains of google.com and may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. Microsoft is continuing to investigate how many more certificates have been fraudulently issued. As a precautionary measure, Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List.

    All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Users of these operating systems will be presented with an invalid certificate error when they browse to a Web site or try to install programs signed by the DigiNotar root certificate. In those cases users should follow the instructions in the message. Microsoft will release a future update to address this issue for all supported editions of Windows XP and Windows Server 2003.

    Microsoft is continuing to investigate this issue and may release future updates to help protect customers.
    Read more at: Microsoft Security Advisory (2607712): Fraudulent Digital Certificates Could Allow Spoofing

       Note

    UPDATE:
    V3.0 (September 6, 2011): Revised to announce the release of an update that addresses this issue. (KB2607712) available through Windows Update.

    Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing

    Microsoft Security Advisory (2607712): Fraudulent Digital Certificates Could Allow Spoofing



    Brink's Avatar Posted By: Brink
    30 Aug 2011



  1. Posts : 2,686
    Windows 8.1 Pro w/Media Center 64bit, Windows 7 HP 64bit
       #1

    Shawn,
    There is a problem in your link. Looks like it is missing the 2 on the end of the link.

    Jim
      My Computer


  2. Posts : 71,959
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #2

    Thank you. Fixed. :)
      My Computer


  3. Posts : 1,030
    Linux Mint / XP / Win7 Home, Pro, Ultimate / Win8.1 / Win10
       #3

    Official response from Vasco can be found here:

    news_DigiNotar reports security incident

    Others have made speculative comments such as:

    "There's speculation that it's a MITM (man in the middle) by the Iranian government, but given the existing record of CAs ready to sell certs to anyone whose check clears, it could just be another Comodogate."

    Regards,
    GEWB
      My Computer


  4. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #4

    Thanks Brink. Good to hear that MS is working on this problem.
      My Computer


  5. Posts : 293
    win 7 home premium 64 bit
       #5

    This is why I respect MS so much more than Apple.

    It disgusts me that Apple gets so much praise in the media too. When for the most part they DO NOT deserve it. While MS gets the beat down almost every time.

    MS takes on every security issue head on, and is not so arrogant as to refuse to acknowledge an issue such as this, on the other hand Apple hides from this kind of thing and tells their customers to just "not worry". One more reason why I will always use Windows OS over Apple OS X.
      My Computer


  6. Posts : 2,686
    Windows 8.1 Pro w/Media Center 64bit, Windows 7 HP 64bit
       #6

    Mozilla has released FF 6.0.1 to counter act this security breach.

    https://www.mozilla.org/security/ann...sa2011-34.html

    Jim
      My Computer


  7. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #7

    Thanks Phone man I how have the update.
      My Computer


  8. JMH
    Posts : 7,952
    Win 7 Ultimate 64-bit. SP1.
       #8

    Microsoft Confirms Spoofed Certificates for Microsoft.com and Windows



    Microsoft Confirms Spoofed Certificates for Microsoft.com and Windowsupdate.com from DigiNotar

    Spoofed certificates for .microsoft.com and .windowsupdate.com are among those issued by Dutch-based DigiNotar, which has been at the center of a scandal involved fraudulent certificates used to attack users of Google.com sites.

    Microsoft has confirmed officially that certificates for its own online properties from DigiNotar have also been compromised, and already took measures in order to ensure that customers running Internet Explorer on Windows Vista and Windows 7 are protected.
    Microsoft Confirms Spoofed Certificates for Microsoft.com and Windowsupdate.com from DigiNotar - Softpedia
      My Computer


  9. Posts : 71,959
    64-bit Windows 11 Pro for Workstations
    Thread Starter
       #9

    Hackers Issue Rogue SSL Certificates for CIA, MI6, Mossad; Apple Pat


    A well known security firm warns that the number of compromised digital security certificates from DigiNotar, a Dutch certificate authority outfit owned by VASCO Data Security International, has doubled in size over the past week from 250 false SSL certificates to 531. False certificates have now been issued for Facebook, Google, Tor, Skype, Mossad, CIA, MI6, Twitter, and several other high profile sites.
    Read more at:
    Maximum PC | Hackers Issue Rogue SSL Certificates for CIA, MI6, and Mossad; Apple Stands Pat
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 06:01.
Find Us