Windows 7 Forums


Windows 7: Microsoft Security Advisory, Fraudulent Digital Certificates

10 Nov 2011   #1
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 
Microsoft Security Advisory, Fraudulent Digital Certificates

Quote:
Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification authority (CA) under Entrust and GTE CyberTrust, has issued 22 certificates with weak 512 bit keys. These weak encryption keys, when broken, could allow an attacker to use the certificates fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.

DigiCert Sdn. Bhd is not affiliated with the corporation DigiCert, Inc., which is a member of the Microsoft Root Certificate Program.

There is no indication that any certificates were issued fraudulently. Instead, cryptographically weak keys have allowed some of the certificates to be duplicated and used in a fraudulent manner.

Microsoft is providing an update for all supported releases of Microsoft Windows that revokes the trust in DigiCert Sdn. Bhd. The update revokes the trust of the following two intermediate CA certificates:
  • Digisign Server ID – (Enrich), issued by Entrust.net Certification Authority (2048)
  • Digisign Server ID (Enrich), issued by GTE CyberTrust Global Root
Recommendation. Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. Please see the Suggested Actions section of this advisory for more information.
Read More:

Microsoft Security Advisory (2641690) - CNET Spyware, viruses, & security Forums

Microsoft Security Advisory (2641690): Fraudulent Digital Certificates Could Allow Spoofing


12 Nov 2011   #2
JMH

Win 7 Ultimate 64-bit. SP1.
 
 
Windows 7 SP1 Update Removes Fraudulent Digital Certificates That Could Allow Spoofing

Quote:
Microsoft has issued an update designed to remove trust for two Intermediate Certificate Authorities (CA) certificates from DigiCert Sdn. Bhd.

DigiCert Sdn. Bhd is a subordinate certification authority (CA) of Entrust and GTE, based in Malaysia, and the Redmond company provided a heads-up of this refresh as of the start of November 2011.

KB 2641690 is now available for download for users of all supported versions of Windows, including Windows 7 Service Pack 1 (SP1).

Jerry Bryant, group manager, Response Communications Trustworthy Computing Group, revealed that the software giant also published Microsoft Security Advisory (2641690), offering users additional details about the transition of DigiCert Sdn. Bhd certificates to the Microsoft Untrusted Certificate Store.
Windows 7 SP1 Update Removes Fraudulent Digital Certificates That Could Allow Spoofing - Softpedia
12 Nov 2011   #3
Phone Man

Windows 8.1 Pro w/Media Center 64bit, Windows 7 HP 64bit
 
 

I got that update yesterday 11/10 through Windows Update. I was wondering why it was offered out of cycle and couldn't find the KB article.

Jim
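
A read-only check an administrator could run to confirm what the posts above describe: whether KB 2641690 is recorded as installed, whether the two Digisign Server ID intermediates sit in the Untrusted Certificates store, and whether any other certificate on the machine carries a short RSA key. This is an added example, not part of the thread or of Microsoft's advisory; the stores scanned, the subject-name match and the 1024-bit threshold are assumptions.

```powershell
# Added example, not from the advisory. Read-only; written to run on Windows PowerShell 2.0+.
$kb         = 'KB2641690'             # update number quoted in the thread
$caName     = 'Digisign Server ID'    # name shared by both revoked intermediates (from the advisory)
$minRsaBits = 1024                    # assumed threshold; the advisory only calls 512-bit keys weak
$rsaOid     = '1.2.840.113549.1.1.1'  # OID for RSA public keys

# 1. Is the update recorded as installed? Get-HotFix only lists what servicing reports,
#    so a miss is inconclusive on its own; step 2 is the check that matters.
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if ($hotfix) { "$kb installed on $($hotfix.InstalledOn)" } else { "$kb not listed by Get-HotFix" }

# 2. Are the intermediates in the Untrusted Certificates store (store name: Disallowed)?
#    Assumption: the advisory's certificate names appear in the Subject field.
$revoked = @(Get-ChildItem Cert:\LocalMachine\Disallowed |
    Where-Object { $_.Subject -like "*$caName*" })
"Distrusted '$caName' certificates found: $($revoked.Count)"
$revoked | Format-List Subject, Issuer, Thumbprint

# 3. Does any certificate in the stores below use an RSA key shorter than the threshold?
function Get-WeakRsaCertificate {
    param([string[]]$StorePath, [int]$MinBits)
    foreach ($path in $StorePath) {
        foreach ($cert in Get-ChildItem $path) {
            if ($cert.PublicKey.Oid.Value -ne $rsaOid) { continue }   # only RSA keys are compared
            try   { $bits = $cert.PublicKey.Key.KeySize }
            catch { continue }                                        # key could not be loaded
            if ($bits -lt $MinBits) {
                New-Object PSObject -Property @{
                    Store = $path; Bits = $bits
                    Subject = $cert.Subject; Thumbprint = $cert.Thumbprint
                }
            }
        }
    }
}

# Assumed scope: intermediate CAs, trusted roots and the machine's own certificates.
$stores = 'Cert:\LocalMachine\CA', 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\My'
$weak = @(Get-WeakRsaCertificate -StorePath $stores -MinBits $minRsaBits)
"Certificates with RSA keys under $minRsaBits bits: $($weak.Count)"
$weak | Format-Table Bits, Store, Subject -AutoSize
```

A count of two in step 2 matches the two intermediates the advisory names; anything reported by step 3 deserves a closer look regardless of which CA issued it.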