Patch: Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing

Posted by bink on September 7 2011, 1:25 AM.

Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store. A fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.

Microsoft is continuing to investigate this issue. Based on preliminary investigation, Microsoft is providing an update for all supported releases of Microsoft Windows that revokes the trust of the following DigiNotar root certificates by placing them into the Microsoft Untrusted Certificate Store:

DigiNotar Root CA

DigiNotar Root CA G2

DigiNotar PKIoverheid CA Overheid

DigiNotar PKIoverheid CA Organisatie - G2

DigiNotar PKIoverheid CA Overheid en Bedrijven

For supported releases of Microsoft Windows, typically no action is required of customers to install this update, because the majority of customers have automatic updating enabled and this update will be downloaded and installed automatically. For more information, including how to manually install this update.
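To confirm the update took effect on a given machine, the check below looks for the five roots named above in the Untrusted Certificates store (`Cert:\LocalMachine\Disallowed`) and reports any copy still sitting in a trusted store. It is an added example, not part of the advisory. Matching on the subject common name is an assumption, since the advisory text here gives no thumbprints.

```powershell
# Added example: the names are the five DigiNotar roots listed in the advisory above.
$names = @(
    'DigiNotar Root CA',
    'DigiNotar Root CA G2',
    'DigiNotar PKIoverheid CA Overheid',
    'DigiNotar PKIoverheid CA Organisatie - G2',
    'DigiNotar PKIoverheid CA Overheid en Bedrijven'
)

function Get-CertCommonName {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # SimpleName resolves to the subject CN when one is present.
    $type = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $Cert.GetNameInfo($type, $false)
}

# Disallowed is the machine-wide Untrusted Certificates store.
$disallowed = @(Get-ChildItem Cert:\LocalMachine\Disallowed)
# Root and CA are the stores where a still-trusted copy could remain.
$trusted = @(Get-ChildItem Cert:\LocalMachine\Root) + @(Get-ChildItem Cert:\LocalMachine\CA)

$report = foreach ($n in $names) {
    $blocked = @($disallowed | Where-Object { (Get-CertCommonName $_) -eq $n })
    $left    = @($trusted    | Where-Object { (Get-CertCommonName $_) -eq $n })
    New-Object PSObject -Property @{
        Name                 = $n
        InDisallowed         = ($blocked.Count -gt 0)
        StillInTrustedStores = ($left.Count -gt 0)
    }
}

$report | Select-Object Name, InDisallowed, StillInTrustedStores | Format-Table -AutoSize

# Get-HotFix returns nothing when the package is not recorded on this machine.
$kb = Get-HotFix -Id 'KB2607712' -ErrorAction SilentlyContinue
if ($kb) { "KB2607712 installed on $($kb.InstalledOn)" } else { 'KB2607712 not listed by Get-HotFix' }

# Any root that is not distrusted is worth a closer look.
$missing = @($report | Where-Object { -not $_.InDisallowed })
if ($missing.Count -gt 0) {
    Write-Warning ("Not in the Untrusted store: " + (($missing | ForEach-Object { $_.Name }) -join '; '))
}
```

A certificate in the Disallowed store is rejected even if a copy remains in Root or CA, so `InDisallowed` is the column that matters; `StillInTrustedStores` only shows where cleanup is possible.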

Read the audit report on how bad the security was at the Dutch certificate authority DigiNotar:

DigiNotar public report version 1

Download the patches now:

Download the Update for Windows 7 (KB2607712) package now.

Download the Update for Windows 7 for x64-based Systems (KB2607712) package now.

Download the Update for Windows Server 2008 R2 for Itanium-based Systems (KB2607712) package now.

Download the Update for Windows Server 2008 R2 x64 Edition (KB2607712) package now.

Download the Update for Windows Vista (KB2607712) package now.

Download the Update for Windows Vista for x64-based Systems (KB2607712) package now.

Download the Update for Windows Server 2008 (KB2607712) package now.

Download the Update for Windows Server 2008 for Itanium-based Systems (KB2607712) package now.

Download the Update for Windows Server 2008 x64 Edition (KB2607712) package now.

Download the Update for Windows XP (KB2607712) package now. 

Download the Update for Windows XP x64 Edition (KB2607712) package now. 

Download the Update for Windows Server 2003 (KB2607712) package now. 

Download the Update for Windows Server 2003 for Itanium-based Systems (KB2607712) package now.

Download the Update for Windows Server 2003 x64 Edition (KB2607712) package now.

 

Microsoft Security Advisory (2607712) Fraudulent Digital Certificates Could Allow Spoofing