Wednesday, 18 March 2015

Microsoft Warns Of Rogue SSL Certificate


Microsoft has warned Internet for a wrongly issued SSL certificate for the domain " Live.fi "that could be used to perform phishing attacks, spoof content and Man-in-the-middle attacks on Windows Live users. Live .fi is a Finnish domain where users can log in with a Microsoft account. Through the wrongly issued certificate, an attacker could create a malicious website, which browsers should show that it is a valid website. Also, an attacker who is between the user and the Internet may be intercepted by the certificate credentials and other data.

Microsoft says that it is not aware of attacks. Meanwhile, the certificate has been revoked by the Certificate Authority (CA) that issued the certificate. According to Paul van Brouwershaven GlobalSign involves Comodo, that would be misled by a false email account to create the certificate and issue.

Measures

To protect users against fraudulent use of the certificate will Microsoft on all supported Windows versions, the Certificate Trust List (CTL) update. In the case of Windows 8 and 8.1, Windows RT and RT 8.1, Windows Server 2012 and 2012 R2 and for devices running Windows Phone 8 and 8.1 users do not do anything, since these versions of Windows are automatically protected.

For Windows Vista, Windows 7, Windows Server 2008 and 2008 R2 users also need to take any action, as the automatic updater of revoked certificates is enabled. In the case of Windows Server 2003 or for users who do not use the automatic updater of revoked certificates, Microsoft recommends that every now available update ( 2.9175 million to install) directly.

No comments:

Post a Comment