digital certificates

Today we’re publishing the Link Removed. We fielded three questions during the webcast, with specific questions focusing primarily on Windows Print Spooler (MS13-050), Microsoft Office (MS13-051), and the security advisory addressing digital certificates (SA2854544). There was one...

It was just over one year ago, May 28, 2012, to be exact, that I transitioned from running active MSRC cases and writing bulletins to my current role managing software security incidents. A lot has changed in that year - and I’ve dealt with some interesting issues during my tenure - but...

Revision Note: V1.0 (June 11, 2013): Advisory published. Summary: Microsoft is announcing the availability of an update as part of ongoing efforts to improve cryptography and digital certificate handling in Windows. Over the course of months, Microsoft will continue to announce...

Revision Note: V1.0 (October 9, 2012): Advisory published. Summary: Microsoft is aware of an issue involving specific digital certificates that were generated by Microsoft without proper timestamp attributes. These digital certificates were later used to sign some Microsoft core...

Before we dive into the July security updates, let’s change up the normal order and take a look at the two Security Advisories we are releasing today. One takes an exciting step into the future, while the other prepares us to take an equally important step away from the past. Security...

Revision Note: V1.0 (July 10, 2012): Advisory published. Summary: Microsoft is aware of Microsoft certificate authorities that are outside our recommended secure storage practices. Upon a routine review, we are placing these certificates in the Untrusted Certificate Store, and...

Revision Note: V1.0 (June 3, 2012): Advisory published. Summary: Microsoft is aware of active attacks using three unauthorized digital certificates derived by a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or...

Syndicated from the United States Security Readiness Team (US-CERT). Link Removed - Invalid URL

Provides a link to Microsoft Security Advisory (2718704): Unauthorized digital certificates could allow spoofing. Link Removed

Revision Note: V1.0 (June 3, 2012): Advisory published. Summary: Microsoft is aware of active attacks using three unauthorized digital certificates derived by a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or...

Revision Note: V2.0 (November 16, 2011): Revised to announce the rerelease of the KB2641690 update. See the Update FAQ in this advisory for more information. Also, added link to Microsoft Knowledge Base Article 2641690 under Known Issues in the Executive Summary. Summary: Microsoft is...

Revision Note: V1.0 (November 10, 2011): Advisory published. Summary: Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification authority (CA) under Entrust and GTE CyberTrust, has issued 22 certificates with weak 512 bit keys. These weak encryption keys, when...

Revision Note: V5.0 (July 6, 2011): Announced the release of an update for Zune HD devices and moved Zune devices to the Non-Affected Devices table. Summary: Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted...

Revision Note: V3.0 (September 6, 2011): Revised to announce the release of an update that addresses this issue. Summary: Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root...

Provides a link to Microsoft Security Advisory (2607712): Fraudulent digital certificates could allow spoofing. Link Removed

Revision Note: V3.0 (September 6, 2011): Revised to announce the release of an update that addresses this issue. Advisory Summary:Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root...

Microsoft’s investigation into the scope and impact of the DigiNotar compromise has continued over the holiday weekend. We’ve now confirmed that spoofed certificates for *.microsoft.com and *.windowsupdate.com are among those issued by the Dutch firm. Users of Vista and later...

Revision Note: V2.0 (August 29, 2011): Revised to correct erroneous advisory number. Advisory Summary:Microsoft is aware of at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store, on all supported...

Revision Note: V2.0 (August 29, 2011): Revised to correct erroneous advisory number.Summary: Microsoft is aware of at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store, on all supported releases of...

Revision Note: V1.0 (August 29, 2011): Advisory published. Advisory Summary:Microsoft is aware of at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store, on all supported releases of Microsoft...