Bitcoin Forum
December 03, 2016, 12:27:21 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Immediately add these certificate thumbprints to your CRLs -Microsoft roots  (Read 1261 times)
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
June 04, 2012, 02:23:12 PM
 #1

An out-of-band update was pushed to my windows boxes today to patch the Certificate Revocation Lists. Microsoft doesn't seem to have released a whole lot of info about this, but the security advisory is here: http://technet.microsoft.com/en-us/security/advisory/2718704 EDIT: Download links on this page: http://support.microsoft.com/kb/2718704

Apparently the following certificates need to be revoked:

Code:
Certificate Issued by Thumbprint
Microsoft Enforced Licensing Intermediate PCA Microsoft Root Authority 2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70
Microsoft Enforced Licensing Intermediate PCA Microsoft Root Authority 3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08
Microsoft Enforced Licensing Registration Authority CA (SHA1) Microsoft Root Certificate Authority fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97

This kind of update is only done for major emergencies, so if you have any systems that are not getting automatic updates, or if you have non-microsoft systems that trust these roots, you will need to either apply the patch manually or add these to your CRLs.

Here are 2 additional quotes from the page:
Quote
What is the scope of the advisory?
The purpose of this advisory is to notify customers that Microsoft has confirmed two unauthorized certificates have been issued by Microsoft and are being used in active attacks. During our investigation, a third Certificate Authority has been found to have issued certificates with weak ciphers.

Microsoft has issued an update for all supported releases of Microsoft Windows that addresses the issue. For affected devices, no update is available at this time.
and
Quote
What caused the issue?
Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. A unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

Stay safe out there.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480724841
Hero Member
*
Offline Offline

Posts: 1480724841

View Profile Personal Message (Offline)

Ignore
1480724841
Reply with quote  #2

1480724841
Report to moderator
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
June 04, 2012, 02:35:19 PM
 #2

Update; I found a bit of info here: http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx

Apparently it is related to the Flame worm/virus. Probably does not affect systems outside of MS products, because the roots are only for licensing.

Quote
We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
June 04, 2012, 02:45:48 PM
 #3

In other words, scare tactics to get you to add a patch for anti-pirating?

rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
June 04, 2012, 02:47:32 PM
 #4

In other words, scare tactics to get you to add a patch for anti-pirating?
Dunno about the pirating, but all it does it make some certificates untrusted because they used a hackable algorithm. You can apply it manually without installing anything by revoking the thumbprints above.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Matthew N. Wright
Untrustworthy
Hero Member
*****
Offline Offline

Activity: 588


Hero VIP ultra official trusted super staff puppet


View Profile
June 04, 2012, 02:56:48 PM
 #5

In other words, scare tactics to get you to add a patch for anti-pirating?
Dunno about the pirating, but all it does it make some certificates untrusted because they used a hackable algorithm. You can apply it manually without installing anything by revoking the thumbprints above.


Thanks for clarifying. I don't trust any updates from MS ordinarily. They seldom explain themselves and they often break shit.

compro01
Hero Member
*****
Offline Offline

Activity: 485


View Profile
June 04, 2012, 09:48:14 PM
 #6

This is related to the "flame" malware going around.

http://www.securityweek.com/microsoft-unauthorized-certificate-was-used-sign-flame-malware
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!