Microsoft has issued a rather serious security advisory via TechNet, affecting virtually every currently supported Windows product, and issued a patch to correct the problem. The threat stems from unauthorized Microsoft Certificates being used to spoof content and carry out phishing attacks.
The report doesn't go into details on the attacks themselves, simply stating that Microsoft is aware of the problem and that the unauthorized certificates could be used to “spoof content, perform phishing attacks, or perform man-in-the-middle attacks.” Simply put, that's some pretty serious stuff, and it could lead to a lot of personal information falling into the wrong hands if left unchecked.
Microsoft doesn't plan on letting that happen, and suggests that you install an update revoking trust in the affected certificates via Windows Update. If that's not working for you, you can grab the patch directly from here.
The update addresses three certificates causing the problem, two from the Microsoft Enforced Licensing Intermediate PCA, and one from the Microsoft Enforced Licensing Registration Authority CA (SHA1). We'd love to tell you more, but that's all we've got for now.
Source: TechNet