Need real-world translation for every day user


  1. Posts : 10,200
    MS Windows 7 Ultimate SP1 64-bit
       #1


    The recent certificate problem, which it turns out also affected Microsoft and Windows Update, has been addressed by Microsoft.

    My question, after reading the following: do we need to be concerned that maybe some update problems we see are related to this problem?

    Protecting yourself from attacks that leverage fraudulent DigiNotar digital certificates - Security Research & Defense - Site Home - TechNet Blogs


  2. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #2

    It is definitely complicated but I would not expect to see update problems. Rather, Windows XP users of IE could be susceptible to "man-in-the-middle" attacks until the Microsoft update is issued or they manually remove the DigiNotar certificate. However, don't forget that the SRD blog post states that a man-in-the-middle attack can only occur if one of the following also occurs:

    • The attacker is on your local network (open wireless network, for example);
    • The attacker owns or operates the network infrastructure between the victim client and the listening server; or
    • The attacker controls the DNS server used by your ISP, or can influence your choice of DNS server via DHCP responses if a client gets DNS settings via DHCP.

    It cannot be stated that all Windows Vista and above systems were completely safe and not at risk after the issuance of Security Advisory 2607712 because they could have had a cached DigiNotar as a trusted root CA. Fortunately, the cached list is updated client-side every seven days. That makes the last date an attack targeting Internet Explorer users on Windows Vista and later platforms might possibly be successful is today, September 5.

    As explained by Greg Keizer in "Microsoft: Stolen SSL certs can't be used to install malware via Windows Update":

    According to Microsoft, the certificates issued for windowsupdate.com couldn't be used by attackers because the company no longer uses that domain. (Windows Update is now at windowsupdate.microsoft.com.) However, those for update.microsoft.com -- the domain for Microsoft Update -- and the wildcard *.microsoft.com could be.


    As Ness said, updates delivered via Microsoft's services are signed with a separate certificate that's closely held by the company.
    Without that code-signing certificate, attempts to deliver malware disguised as an update to a Windows PC would fail.


  3. Posts : 2,303
    Windows 7 & Windows Vista Ultimate
       #3

    Copied from my blog:

    Microsoft Security Advisory 2607712 has been updated to revoke the trust of the DigiNotar root certificates by placing them into the Microsoft Untrusted Certificate Store.

    The update is available via Automatic Update and applies to all supported releases of Microsoft Windows, including Windows XP, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.

    Copied below are the known issues from Microsoft KB Article 2607712, Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing for this update.

    Known issues


    • A restart is required for all editions of Windows XP and of Windows Server 2003.
    • A restart is not required for all editions of Windows Vista, of Windows 7, of Windows Server 2008, and of Windows Server 2008 R2. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
    • At the explicit request of the Dutch government, the release of this update on Windows Update will be delayed for the Netherlands.

      This update will become available to the Netherlands on Windows Update and on all Automatic Update channels at a later date. Customers who want to manually install this update should click the appropriate platform download in the "Download information" section. On the next page, users will be able to select the language to install and can continue with the download and the installation.




  4. Posts : 31,242
    Windows 11 Pro x64 [Latest Release and Release Preview]
       #4

    Update is now live - but needs to be selected to install (is only classed as Important) ...

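A way to confirm on a given machine that the update discussed in this thread has taken effect, as an added example that is not part of the original posts or of Microsoft's advisory: it lists certificates whose subject or issuer contains "DigiNotar" and reports whether they sit in the Untrusted Certificates store (named `Disallowed` in PowerShell's `Cert:` drive). Matching on the name is an assumption made for illustration, and the function name `Find-CertByName` is hypothetical.

```powershell
# Added example: audit the certificate stores for DigiNotar entries.
# Assumption: certificates are matched by name only; the authoritative list of
# affected certificates is the one in Microsoft Security Advisory 2607712.
$pattern     = 'DigiNotar'
$trustStores = 'Root', 'AuthRoot', 'CA'   # a match here can still be trusted
$blockStore  = 'Disallowed'               # "Untrusted Certificates" in the MMC snap-in

function Find-CertByName {
    param([string]$Location, [string]$Store, [string]$Pattern)
    $path = "Cert:\$Location\$Store"
    if (-not (Test-Path $path)) { return }
    Get-ChildItem $path |
        Where-Object { $_.Subject -match $Pattern -or $_.Issuer -match $Pattern } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Location   = $Location
                Store      = $Store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
            }
        }
}

# The CurrentUser view also shows machine-wide entries, so duplicates are expected.
$findings = foreach ($loc in 'LocalMachine', 'CurrentUser') {
    foreach ($store in ($trustStores + $blockStore)) {
        Find-CertByName -Location $loc -Store $store -Pattern $pattern
    }
}

$blocked       = @($findings | Where-Object { $_.Store -eq $blockStore })
$blockedPrints = @($blocked | ForEach-Object { $_.Thumbprint })

# An entry in Disallowed overrides the same certificate in a trusted store, so only
# trusted-store entries without a matching Disallowed thumbprint need review.
$stillTrusted = @($findings | Where-Object {
    $_.Store -ne $blockStore -and $blockedPrints -notcontains $_.Thumbprint
})

if ($blocked.Count -eq 0) {
    Write-Output 'No DigiNotar entries in the Untrusted Certificates store: the update does not appear to be installed.'
} else {
    Write-Output ('{0} DigiNotar entries found in the Untrusted Certificates store.' -f $blocked.Count)
}
if ($stillTrusted.Count -gt 0) {
    Write-Output 'Trusted-store entries with no matching untrusted entry (review these):'
    $stillTrusted | Format-Table Location, Store, Thumbprint, Subject -AutoSize
}
```

On Windows Vista and later, root certificates are fetched on demand, so an empty trusted-store result does not by itself show that the root was never trusted; the entries in `Disallowed` are the meaningful signal.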


 
