Title: Immediately add these certificate thumbprints to your CRLs -Microsoft roots
Post by: rjk on June 04, 2012, 02:23:12 PM

An out-of-band update was pushed to my Windows boxes today to patch the Certificate Revocation Lists. Microsoft doesn't seem to have released a whole lot of info about this, but the security advisory is here: http://technet.microsoft.com/en-us/security/advisory/2718704

EDIT: Download links on this page: http://support.microsoft.com/kb/2718704

Apparently the following certificates need to be revoked:

Code:
Certificate    Issued by    Thumbprint

This kind of update is only done for major emergencies, so if you have any systems that are not getting automatic updates, or if you have non-Microsoft systems that trust these roots, you will need to either apply the patch manually or add these to your CRLs.

Here are 2 additional quotes from the page:

Quote
What is the scope of the advisory?
The purpose of this advisory is to notify customers that Microsoft has confirmed two unauthorized certificates have been issued by Microsoft and are being used in active attacks. During our investigation, a third Certificate Authority has been found to have issued certificates with weak ciphers. Microsoft has issued an update for all supported releases of Microsoft Windows that addresses the issue. For affected devices, no update is available at this time.

Quote
What caused the issue?
Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

Stay safe out there.

Title: Re: Immediately add these certificate thumbprints to your CRLs -Microsoft roots
Post by: rjk on June 04, 2012, 02:35:19 PM

Update; I found a bit of info here: http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx

Apparently it is related to the Flame worm/virus. Probably does not affect systems outside of MS products, because the roots are only for licensing.

Quote
We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft.

Title: Re: Immediately add these certificate thumbprints to your CRLs -Microsoft roots
Post by: Matthew N. Wright on June 04, 2012, 02:45:48 PM

In other words, scare tactics to get you to add a patch for anti-pirating?

Title: Re: Immediately add these certificate thumbprints to your CRLs -Microsoft roots
Post by: rjk on June 04, 2012, 02:47:32 PM

Quote
In other words, scare tactics to get you to add a patch for anti-pirating?

Dunno about the pirating, but all it does is make some certificates untrusted because they used a hackable algorithm. You can apply it manually without installing anything by revoking the thumbprints above.

Title: Re: Immediately add these certificate thumbprints to your CRLs -Microsoft roots
Post by: Matthew N. Wright on June 04, 2012, 02:56:48 PM

Quote
Quote
In other words, scare tactics to get you to add a patch for anti-pirating?
Dunno about the pirating, but all it does is make some certificates untrusted because they used a hackable algorithm. You can apply it manually without installing anything by revoking the thumbprints above.

Thanks for clarifying. I don't trust any updates from MS ordinarily. They seldom explain themselves and they often break shit.

Title: Re: Immediately add these certificate thumbprints to your CRLs -Microsoft roots
Post by: compro01 on June 04, 2012, 09:48:14 PM

This is related to the "flame" malware going around.

http://www.securityweek.com/microsoft-unauthorized-certificate-was-used-sign-flame-malware
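
For the non-Microsoft systems mentioned in the first post, one way to check a PEM trust bundle against a list of revoked thumbprints. This is an added example, not part of the thread or of Microsoft's advisory; the function names and the sample data are constructed, and the real thumbprints have to be taken from the advisory.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def normalize_thumbprint(text):
    """Reduce a pasted thumbprint to 40 lowercase hex digits.

    Drops spaces, colons and invisible characters (copying from the Windows
    certificate dialog is known to pick one up).
    """
    digits = re.sub(r"[^0-9a-fA-F]", "", text).lower()
    if len(digits) != 40:
        raise ValueError("not a SHA-1 thumbprint: %r" % text)
    return digits


def thumbprints_in_bundle(pem_text):
    """Yield (index, thumbprint) per certificate; thumbprint = SHA-1 of the DER bytes."""
    for index, match in enumerate(PEM_BLOCK.finditer(pem_text)):
        der = base64.b64decode("".join(match.group(1).split()))
        yield index, hashlib.sha1(der).hexdigest()


def find_revoked(pem_text, revoked):
    """Return the bundle entries whose thumbprint is on the revoked list."""
    deny = {normalize_thumbprint(t) for t in revoked}
    return [(i, tp) for i, tp in thumbprints_in_bundle(pem_text) if tp in deny]


def _pem(der):
    body = base64.encodebytes(der).decode("ascii")
    return "-----BEGIN CERTIFICATE-----\n" + body + "-----END CERTIFICATE-----\n"


# Constructed sample: the "certificates" are placeholder bytes, not real DER,
# and the revoked list is derived from them. Real values come from the advisory.
SAMPLE_BUNDLE = _pem(b"PLACEHOLDER-CERT-A") + _pem(b"PLACEHOLDER-CERT-B")
_tp_b = hashlib.sha1(b"PLACEHOLDER-CERT-B").hexdigest().upper()
# Formatted as a GUI shows it: invisible mark, upper case, space-separated pairs.
SAMPLE_REVOKED = ["\u200e" + " ".join(re.findall("..", _tp_b))]

if __name__ == "__main__":
    for index, tp in find_revoked(SAMPLE_BUNDLE, SAMPLE_REVOKED):
        print("certificate #%d in bundle is revoked: %s" % (index, tp))
```

A match means the bundle still carries a certificate that has to be removed or explicitly distrusted on that system.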