Thursday, January 03, 2013

Security Advisory 2798897 Released, Certificate Trust List Updated

Security Advisory
Microsoft released Security Advisory 2798897 to provide notification regarding a a fraudulent digital certificate issued by TURKTRUST Inc.

TURKTRUST Inc. incorrectly created two subsidiary Certificate Authorities: (*.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was used to issue a fraudulent digital certificate to *.google.com.

Actions:

Windows Vista and newer:

With up-to-date security updates, your computer was protected with the installation of Microsoft Knowledge Base Article 2677070, released on June 12, 2012.

The update provides an automatic updater feature which includes a mechanism that allows Windows to specifically flag certificates as untrusted. With this feature, Windows checks daily for updated information about certificates that are no longer trustworthy.  In the past, movement of certificates to the untrusted store required a manual update.

If you have not installed KB 2677070, it is strongly advised that you do so as soon as possible.

Windows XP and Windows Server 2003

Because the automatic updater feature is not applicable to Windows XP and Windows Server 2003, it is necessary for users of these systems to manually check for updates.

References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: