Fraudulent Digital Certificates Could Allow Spoofing - Version: 3.0


Extraordinary Robot
News Feed
Severity Rating:
Revision Note: V3.0 (January 19, 2012): Revised to announce the release of an update for Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices.
Summary: Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification authority (CA) under Entrust and GTE CyberTrust, has issued 22 certificates with weak 512 bit keys. These weak encryption keys, when broken, could allow an attacker to use the certificates fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.

Continue reading...

This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.