Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Improperly Issued Digital Certificates could allow Spoofing

 

Systems Affected



Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit and x64 bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit and x64 bit Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8 for 32-bit and x64 bit Systems
Windows 8.1 for 32-bit and x64 bit Systems
Windows RT 8 and 8.1
Windows Server 2012 and 2012 R2
Windows Server 2008 for 32-bit and x64 bit Systems Service Pack 2
(Server Core Installation)
Windows Server 2008 R2 for x64-based Systems (Server Core Installation)
Windows Server 2012 and 2012 R2 (Server Core Installation)
Windows Phone 8 and 8.1

Threat Level


High


Overview


Certain SSL certificates have been unauthorizedly got issued through National Informatics Centre-CA (NIC-CA). These certificates could be exploited by remote attackers to spoof content, perform phishing attacks or perform man-in-the-middle attacks.


Description


A remote attacker could use these certificates to spoof content, perform phishing attacks or man-in-the-middle attacks against web properties. Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove untrusted certificates.


Impact



Solution/ Workarounds


Apply appropriate updates as mentioned in Microsoft Security Advisory 2982792


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.