Security Advisory 2982792 released, Certificate Trust List updated

Discussion in 'Security Alerts' started by News, Jul 10, 2014.

  1. News

    News Extraordinary Robot
    News Feed

    Jun 27, 2006
    Likes Received:
    Today, we are updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of mis-issued third-party digital certificates. These certificates could be used to spoof content and perform phishing or man-in-the-middle attacks against web properties.

    With this update, most customers will be automatically protected against this issue and will not need to take any action. If you do not have automatic updates enabled, or if you are on Windows Server 2003, please see the Security Advisory 2982792 for recommended actions. Additionally, the Enhanced Mitigation Experience Toolkit (EMET) 4.1, and newer versions, help to mitigate man-in-the-middle attacks by detecting untrusted or improperly issued SSL certificates through the Certificate Trust feature.

    For more information, please see Microsoft Security Advisory 2982792.

    Thank you,
    Dustin Childs
    Group Manager, Response Communications


    Continue reading...

Share This Page