Wednesday, March 23, 2011

Microsoft Security Advisory 2524375


Microsoft released  Security Advisory 2524375 to address nine (9) fraudulent digital certificates issued by Comodo Group Inc.

This is not a Microsoft security vulnerability and Comodo has since revoked the digital certificates. However, one of the certificates potentially affects Windows Live ID users via login.live.com. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against end users.  Microsoft is not aware of any active attacks.

These Comodo certificates affect the following Web properties:

  • login.live.com
  • mail.google.com
  • www.google.com
  • login.yahoo.com (3 certificates)
  • login.skype.com
  • addons.mozilla.org
  • "Global Trustee"

A mitigation update to help protect against inadvertent use of the fraudulent digital certificates. Customers should continue to utilize Internet Explorer's Security Status bar located on the right side of the address bar to verify that the site being visited is valid and secure.

The Microsoft mitigation is available for download from the Knowledge Base Article linked below and Windows Update.

References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


No comments: