Microsoft is making a quick move to update all of its supported versions of Windows in order to stop an known hacker attack. The company issued a security bulletin today that announced the release of a new version of its Certificate Trust list.
The security bulletin announced that Microsoft has been alerted that a digital certificate issued by TURKTRUST was a fraud. The message states:
This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.
In addition, TURKTRUST mistakenly issued two subsidiary CAs that were used to created a false digital certificate for Google's main domain, which can also open the door for hackers to perform similar attacks on a number of Google's web services.
Microsoft has now updated its Certificate Trust list and is " ... providing an update for all supported releases of Microsoft Windows that removes the trust of certificates that are causing this issue." PCs that have automatic updates set up do not need to do anything. However, PCs that have Windows XP and Windows Server 2003 installed that don't have the automatic updater set up should go ahead and download the update manually.
Source: Microsoft security bulletin
Thanks to @getwired for the tip!
Cyber attack image via Shutterstock
7 Comments - Add comment