spoofing

Revision Note: V2.0 (August 10, 2010): Advisory updated to reflect publication of security bulletin. Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-049 to address this issue. For more information about this issue, including...

Revision Note: V1.2 (September 5, 2012): Corrected the common name for the "CN=Microsoft Online Svcs BPOS APAC CA4" certificate issued by Microsoft Services PCA. Summary: Microsoft is aware of Microsoft certificate authorities that are outside our recommended secure storage practices. Upon a...

Severity Rating: Important Revision Note: V1.0 (May 14, 2013): Bulletin published. Summary: This security update resolves one privately reported vulnerability and one publicly disclosed vulnerability in the .NET Framework. The more severe of the vulnerabilities could allow...

Link Removed

Revision Note: V1.0 (January 3, 2013): Advisory published. Summary: Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be...

Revision Note: V1.2 (September 11, 2012): Clarified that applications and services that use RSA keys for cryptography and call into the CertGetCertificateChain function could be impacted by this update. Examples of these applications and services include but are not limited to encrypted email...

Provides a link to Microsoft Security Advisory (2728973): Unauthorized digital certificates could allow spoofing. Link Removed

Revision Note: V1.0 (July 10, 2012): Advisory published. Summary: Microsoft is aware of Microsoft certificate authorities that are outside our recommended secure storage practices. Upon a routine review, we are placing these certificates in the Untrusted Certificate Store, and...

Revision Note: V1.0 (June 3, 2012): Advisory published. Summary: Microsoft is aware of active attacks using three unauthorized digital certificates derived by a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or...

Provides a link to Microsoft Security Advisory (2718704): Unauthorized digital certificates could allow spoofing. Link Removed

Revision Note: V1.0 (June 3, 2012): Advisory published. Summary: Microsoft is aware of active attacks using three unauthorized digital certificates derived by a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or...

Revision Note: V2.0 (November 16, 2011): Revised to announce the rerelease of the KB2641690 update. See the Update FAQ in this advisory for more information. Also, added link to Microsoft Knowledge Base Article 2641690 under Known Issues in the Executive Summary. Summary: Microsoft is...

Provides a link to Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing. Link Removed

Revision Note: V1.0 (November 10, 2011): Advisory published. Summary: Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification authority (CA) under Entrust and GTE CyberTrust, has issued 22 certificates with weak 512 bit keys. These weak encryption keys, when...

Provides a link to Microsoft Security Advisory (2616676): Fraudulent digital certificates could allow spoofing. Link Removed

Revision Note: V5.0 (July 6, 2011): Announced the release of an update for Zune HD devices and moved Zune devices to the Non-Affected Devices table. Summary: Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted...

Revision Note: V3.0 (September 6, 2011): Revised to announce the release of an update that addresses this issue. Summary: Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root...

Provides a link to Microsoft Security Advisory (2607712): Fraudulent digital certificates could allow spoofing. Link Removed

Revision Note: V3.0 (September 6, 2011): Revised to announce the release of an update that addresses this issue. Advisory Summary:Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root...

Revision Note: V2.0 (August 29, 2011): Revised to correct erroneous advisory number. Advisory Summary:Microsoft is aware of at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store, on all supported...