Windows 7 Forums


Windows 7: Need real-world translation for every day user


05 Sep 2011   #1

MS Windows 7 Ultimate SP1 64-bit
 
 

The recent certificate problem, which it turns out also affected Microsoft and Windows Update, has been addressed by Microsoft.

My question: after reading the following, do we need to be concerned that maybe some update problems we see are related to this problem?

Protecting yourself from attacks that leverage fraudulent DigiNotar digital certificates - Security Research & Defense - Site Home - TechNet Blogs



05 Sep 2011   #2

Windows 7 & Windows Vista Ultimate
 
 

It is definitely complicated, but I would not expect to see update problems. Rather, Windows XP users of IE could be susceptible to "man-in-the-middle" attacks until the Microsoft update is issued or they manually remove the DigiNotar certificate. However, don't forget that the SRD blog post states that a man-in-the-middle attack can only occur if one of the following also occurs:
Quote:
  • The attacker is on your local network (open wireless network, for example);
  • The attacker owns or operates the network infrastructure between the victim client and the listening server; or
  • The attacker controls the DNS server used by your ISP, or can influence your choice of DNS server via DHCP responses if a client gets DNS settings via DHCP.
It cannot be stated that all Windows Vista and above systems were completely safe and not at risk after the issuance of Security Advisory 2607712 because they could have had a cached DigiNotar as a trusted root CA. Fortunately, the cached list is updated client-side every seven days. That makes the last date an attack targeting Internet Explorer users on Windows Vista and later platforms might possibly be successful is today, September 5.

As explained by Greg Keizer, Microsoft: Stolen SSL certs can't be used to install malware via Windows Update:

Quote:
According to Microsoft, the certificates issued for windowsupdate.com couldn't be used by attackers because the company no longer uses that domain. (Windows Update is now at windowsupdate.microsoft.com.) However, those for update.microsoft.com -- the domain for Microsoft Update -- and the wildcard *.microsoft.com could be.


As Ness said, updates delivered via Microsoft's services are signed with a separate certificate that's closely held by the company.
Without that code-signing certificate, attempts to deliver malware disguised as an update to a Windows PC would fail.
06 Sep 2011   #3

Windows 7 & Windows Vista Ultimate
 
 

Copied from my blog:

Microsoft Security Advisory 2607712 has been updated to revoke the trust of the DigiNotar root certificates by placing them into the Microsoft Untrusted Certificate Store.

The update is available via Automatic Update and applies to all supported releases of Microsoft Windows, including Windows XP, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.

Copied below are the known issues from Microsoft KB Article 2607712, Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing for this update.

Known issues

  • A restart is required for all editions of Windows XP and of Windows Server 2003.
  • A restart is not required for all editions of Windows Vista, of Windows 7, of Windows Server 2008, and of Windows Server 2008 R2. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
  • At the explicit request of the Dutch government, the release of this update on Windows Update will be delayed for the Netherlands.

    This update will become available to the Netherlands on Windows Update and on all Automatic Update channels at a later date. Customers who want to manually install this update should click the appropriate platform download in the "Download information" section. On the next page, users will be able to select the language to install and can continue with the download and the installation.
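
A way to check the state the posts above describe (DigiNotar certificates removed from the trusted roots, or placed in the Untrusted Certificate Store by the update), as an added example that is not part of the original thread or of Microsoft's advisory. Matching on the name "DigiNotar" in the subject or issuer is an assumption of this sketch, since the thread lists no thumbprints; the function name is hypothetical.

```powershell
# Added example: report where DigiNotar certificates sit in the Windows certificate stores.
# Assumption: certificates are identified by the string "DigiNotar" in Subject or Issuer.
function Get-DigiNotarCertStatus {
    param([string]$Pattern = 'DigiNotar')

    # Stores that confer trust, plus the store the update uses to revoke it.
    $stores = @(
        @{ Name = 'Root';       Meaning = 'Trusted root' },
        @{ Name = 'AuthRoot';   Meaning = 'Trusted third-party root' },
        @{ Name = 'CA';         Meaning = 'Intermediate CA' },
        @{ Name = 'Disallowed'; Meaning = 'Untrusted Certificates' }
    )

    foreach ($location in 'LocalMachine', 'CurrentUser') {
        foreach ($store in $stores) {
            $path = "Cert:\$location\$($store.Name)"
            if (-not (Test-Path $path)) { continue }   # store absent on this system

            Get-ChildItem $path |
                Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
                ForEach-Object {
                    New-Object PSObject -Property @{
                        Location   = $location
                        Store      = $store.Name
                        Meaning    = $store.Meaning
                        Subject    = $_.Subject
                        Thumbprint = $_.Thumbprint
                        NotAfter   = $_.NotAfter
                    }
                }
        }
    }
}

$found     = @(Get-DigiNotarCertStatus)
$trusted   = @($found | Where-Object { $_.Store -eq 'Root' -or $_.Store -eq 'AuthRoot' })
$untrusted = @($found | Where-Object { $_.Store -eq 'Disallowed' })

$found | Sort-Object Store, Location |
    Format-Table Location, Store, Subject, Thumbprint -AutoSize

if ($untrusted.Count -eq 0) {
    Write-Warning 'No DigiNotar entries in the Untrusted store; the advisory update may not be installed.'
}
if ($trusted.Count -gt 0) {
    Write-Warning "$($trusted.Count) DigiNotar certificate(s) still present in a trusted root store."
}
```

An entry in the Untrusted (Disallowed) store takes precedence during chain validation, so a certificate listed in both places is still rejected.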



06 Sep 2011   #4

Windows 7 Ultimate x64 x2 + x86 + Windows 8.1 x64 x2
 
 

Update is now live - but needs to be selected to install (is only classed as Important) ...


