Windows 8 and 8.1 Forums


Improperly Issued Digital Certificate Could Allow Spoofing

  1. #1


    Posts : 22,582
    64-bit Windows 10

    Improperly Issued Digital Certificate Could Allow Spoofing


    Microsoft Security Advisory (2916652)

    Improperly Issued Digital Certificates Could Allow Spoofing

    Published: Monday, December 09, 2013
    Version: 1.0


    General Information

    Executive Summary

    Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

    The improperly issued subordinate CA certificate has been misused to issue SSL certificates for multiple sites, including Google web properties. These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. The subordinate CA certificate may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks.

    To help protect customers from potentially fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of certificates that are causing this issue. For more information about these certificates, see the Frequently Asked Questions section of this advisory.

    Recommendation. An automatic updater of revoked certificates is included in supported editions of Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2, and for devices running Windows Phone 8. For these operating systems and devices, customers do not need to take any action as these systems and devices will be automatically protected.

    For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 that are using the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070 for details), customers do not need to take any action as these systems will be automatically protected.

    At this time, no update is available for customers running Windows XP or Windows Server 2003, or for customers who choose not to install the automatic updater of revoked certificates.

    For more information, see the Suggested Actions section of this advisory.


    Suggested Actions

    Apply the update for supported releases of Microsoft Windows

    An automatic updater of revoked certificates is included in supported editions of Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2, and for devices running Windows Phone 8. For these operating systems or devices, customers do not need to take any action because the CTL will be updated automatically.

    For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 that are using the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070 for details), customers do not need to take any action because the CTL will be updated automatically.

    No update is available at this time for customers running Windows XP and Windows Server 2003, or for customers who choose not to install the automatic updater of revoked certificates.


    Advisory Details

    Additional Suggested Actions

    • Protect your PC We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. For more information, see Microsoft Safety & Security Center.
    • Keep Microsoft Software Updated Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.


    Source: https://technet.microsoft.com/en-us/...visory/2916652

      My System SpecsSystem Spec

  2. #2


    Posts : 22,582
    64-bit Windows 10


    Update:

    - Revision Note: V2.0 (December 12, 2013): Advisory revised
    to announce the availability of the 2917500 update for
    customers running Windows XP or Windows Server 2003, or
    for customers who choose not to install the automatic updater
    of revoked certificates. The 2917500 update is available via
    the Microsoft Update service and from the download center.
    For more information, see the Suggested Actions section of
    this advisory.
      My System SpecsSystem Spec

Improperly Issued Digital Certificate Could Allow Spoofing
Related Threads
Hi everyone, on every email message I am getting a Security Certificate pop-up window. It asks me if I wish to proceed - yes or no or do I wish to see the certificate. It's driving me nuts - this was never there when I started using Windows Live Mail and I would really like to get rid of it - can...
Source: Microsoft Security Advisory (2916652): Improperly Issued Digital Certificates Could Allow Spoofing
I'm trying to set up my email account in the mail app. Incoming and outgoing connections are both IMAP using SSL. The programme tells me that I need that "To use this account you need to install a digital certificate on this PC. Contact you system administrator" The email settings work fine...
Source: Microsoft Security Advisory (2798897): Fraudulent Digital Certificates Could Allow Spoofing See also: Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing
Driver Certificate ? in Drivers & Hardware
I tried to figure out how to turn off driver signing in 8. I had to because my wireless adapter's driver literally gets rejected by the OS. I dug around in the 7 forum and found this : bcdedit -set loadoptions DISABLE_INTEGRITY_CHECKS bcdedit -set TESTSIGNING ON The power shell didn't give...
Eight Forums Android App Eight Forums IOS App Follow us on Facebook