Microsoft Security Advisory 2641690 Addresses Fraudulent Digital Certificates ~ Security Garden

Thursday, November 10, 2011

Microsoft Security Advisory 2641690 Addresses Fraudulent Digital Certificates

Microsoft released Security Advisory 2641690 which relates to the revocation of trust in an Intermediate Certificate Authority, DigiCert Sdn. Bhd. (Digicert Malaysia).

The subordinate CA issued 22 certificates with weak 512 bit keys. The subordinate CA has also issued certificates without the appropriate usage extensions or revocation information. to a Windows kernel issue related to the Duqu malware, a trojan that injects malicious code into other processes.

If you do not have automatic updating enabled, the update is available by checking for updates or can be downloaded from KB Article 2641690.

References

MSRC: Untrusted Certificate Store to be updated
MSRC: Microsoft releases Security Advisory 2639658
Tech Net Advisory: Microsoft Security Advisory (2641690) Fraudulent Digital Certificates Could Allow Spoofing
Knowledge Base Article: Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

Welcome to the Security Garden, where everything is coming up roses.

The best way to protect your garden is to fence it in. The same applies to your computer.
Get computer security news and information, help, tips and more at the Security Garden.

Articles

My Garden Roots

Perennial Favorites

Article Categories

Thursday, November 10, 2011