« Speedy SPDY | Main | More Info on Microsoft Security Advisory (2718704) »

06/03/2012

Microsoft Security Advisory (2718704)

Microsoft issued the following security advisory tonight:

Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:

  • Microsoft Enforced Licensing Intermediate PCA (2 certificates)
  • Microsoft Enforced Licensing Registration Authority CA (SHA1)

Hopefully there will be more details on Monday. The Internet storm center posted this advisory. An excerpt:

Microsoft just released an emergency bulletin, and an associated patch, notifying users of Windows that a "unauthorized digital certificates derived from a Microsoft Certificate Authority" was used to sign components of the "Flame" malware.

Scary stuff...

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a01156fbc6fe6970c0168ec0e880a970c

Listed below are links to weblogs that reference Microsoft Security Advisory (2718704):

Comments