untrusted store

About this tag
The untrusted store tag covers Microsoft's response to fraudulent digital certificates that could enable spoofing, phishing, and man-in-the-middle attacks. Discussions focus on security advisories and updates that add compromised certificates—such as those from DigiNotar and TURKTRUST—to the Windows Untrusted Certificate Store. Topics include certificate authority mismanagement, cross-signed root certificates, and protective measures for all supported Windows releases. The tag is relevant for IT professionals and security administrators managing certificate trust and system updates.
  1. News

    Fraudulent Digital Certificates Could Allow Spoofing - Version: 1.1

    Severity Rating: Revision Note: V1.1 (January 14, 2013): Corrected the disallowed certificate list effective date to "Monday, December 31, 2012 (or later)" in the FAQ entry, "After applying the update, how can I verify the certificates in the Microsoft Untrusted Certificates Store?" Summary...
  2. News

    Microsoft Security Advisory (2728973): Unauthorized Digital Certificates Could Allow Spoofing...

    Revision Note: V1.2 (September 5, 2012): Corrected the common name for the "CN=Microsoft Online Svcs BPOS APAC CA4" certificate issued by Microsoft Services PCA. Summary: Microsoft is aware of Microsoft certificate authorities that are outside our recommended secure storage practices. Upon a...
  3. News

    Microsoft Security Advisory (2728973): Unauthorized Digital Certificates Could Allow Spoofing - Vers

    Revision Note: V1.0 (July 10, 2012): Advisory published. Summary: Microsoft is aware of Microsoft certificate authorities that are outside our recommended secure storage practices. Upon a routine review, we are placing these certificates in the Untrusted Certificate Store, and...
  4. News

    More on DigiNotar Certificates, and September Bulletins

    In an effort to protect customers, last week we released Security Advisory 2607712 along with a non-security update to add fraudulent DigiNotar certificates to the Windows Untrusted Certificate Store. Today, we are releasing another update (2616676), adding six additional DigiNotar root...
  5. News

    More on Microsoft’s response to the DigiNotar compromise

    Microsoft’s investigation into the scope and impact of the DigiNotar compromise has continued over the holiday weekend. We’ve now confirmed that spoofed certificates for *.microsoft.com and *.windowsupdate.com are among those issued by the Dutch firm. Users of Vista and later...
Back
Top