An out-of-band update was pushed to my windows boxes today to patch the Certificate Revocation Lists. Microsoft doesn't seem to have released a whole lot of info about this, but the security advisory is here:
http://technet.microsoft.com/en-us/security/advisory/2718704 EDIT: Download links on this page:
http://support.microsoft.com/kb/2718704Apparently the following certificates need to be revoked:
Certificate Issued by Thumbprint
Microsoft Enforced Licensing Intermediate PCA Microsoft Root Authority 2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70
Microsoft Enforced Licensing Intermediate PCA Microsoft Root Authority 3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08
Microsoft Enforced Licensing Registration Authority CA (SHA1) Microsoft Root Certificate Authority fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97
This kind of update is only done for major emergencies, so if you have any systems that are not getting automatic updates, or if you have non-microsoft systems that trust these roots, you will need to either apply the patch manually or add these to your CRLs.
Here are 2 additional quotes from the page:
What is the scope of the advisory?
The purpose of this advisory is to notify customers that Microsoft has confirmed two unauthorized certificates have been issued by Microsoft and are being used in active attacks. During our investigation, a third Certificate Authority has been found to have issued certificates with weak ciphers.
Microsoft has issued an update for all supported releases of Microsoft Windows that addresses the issue. For affected devices, no update is available at this time.
and
What caused the issue?
Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. A unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.
Stay safe out there.
