Microsoft issues unauthorized certificate warning, patch

Microsoft has issued a rather serious security advisory via TechNet, affecting virtually every currently supported Windows product, and issued a patch to correct the problem. The threat stems from unauthorized Microsoft Certificates being used to spoof content and carry out phishing attacks.

The report doesn't go into details on the attacks themselves, simply stating that Microsoft is aware of the problem and that the unauthorized certificates could be used to “spoof content, perform phishing attacks, or perform man-in-the-middle attacks.” Simply put, that's some pretty serious stuff, and the it could lead to a lot of personal information falling into the wrong hands if left unchecked.

Microsoft doesn't plan on letting that happen, and they suggest that install an update revoking the trust from the affected certificates, either via Windows Update. If that's not working for you, you can grab the patch directly from here.

The update addresses three certificates causing the problem, two from the Microsoft Enforced Licensing Intermediate PCA, and one from the Microsoft Enforced Licensing Registration Authority CA (SHA1). We'd love to tell you more, but that's all we've got for now.

Source: TechNet

Report a problem with article
Previous Story

NeoGamr at E3 2012: Day -2 highlights

Next Story

Acer announces Windows 8 touch screen Ultrabooks

16 Comments

Commenting is disabled on this article.

recursive said,
Another reason to stay off the Microsoft Stuff for good.

yeah, and like this can't happen to anyone?... comon...

recursive said,
Another reason to stay off the Microsoft Stuff for good.

Uh-huh. Care to name one of the alternatives that hasn't had issues?

recursive said,
Another reason to stay off the Microsoft Stuff for good.

Actually, this is a good reason to use Microsoft stuff. Look how fast they fixed it.

How long did it take Apple to fix that Flash vulternability, while Flashback roamed in the wild?

rfirth said,

Actually, this is a good reason to use Microsoft stuff. Look how fast they fixed it.

How long did it take Apple to fix that Flash vulternability, while Flashback roamed in the wild?

and the Java fix as well.

Thanks for the tip; WU indeed had an update available for my W7 boxes. I also checked about any update for W8 Build 8400 but nothing seems to be available, is the build unaffected?
And what about WP 7.5?

Fritzly said,
Thanks for the tip; WU indeed had an update available for my W7 boxes. I also checked about any update for W8 Build 8400 but nothing seems to be available, is the build unaffected?
And what about WP 7.5?

RC is affected, too. Try again, I just installed the update.

Drossel said,

RC is affected, too. Try again, I just installed the update.

Did WU listed it? I tried to check for updates before leaving but nothing was available; I will try again when I come back.
Thanks for the update.

Fritzly said,
Thanks for the tip; WU indeed had an update available for my W7 boxes. I also checked about any update for W8 Build 8400 but nothing seems to be available, is the build unaffected?
And what about WP 7.5?

Just got it for Win 8 RP Listed as KB2718704