
Microsoft issues an urgent update to block fake SSL certificates

Yesterday Microsoft released Security Advisory 2982792, which informs users about an update to the list of trusted digital certificates in all supported editions of Windows. The update changes the so-called Certificate Trust List (CTL), the list of trusted certificates that the OS uses as its source of information about valid certificates. Specifically, it concerns SSL certificates issued by a compromised certification authority (CA), India's National Informatics Center (NIC). This is an intermediate certification authority that is trusted by Microsoft products and services, as well as by other large corporations.



Microsoft has become aware of improperly issued SSL certificates that attackers can use for content spoofing, phishing, and man-in-the-middle attacks. These certificates were issued by the National Informatics Center (NIC), a certification authority subordinate to another one, the Government of India Controller of Certifying Authorities. That certification authority is on Microsoft's list of trusted authorities, the so-called Trusted Root Certification Authorities Store. The issue affects all supported editions of Microsoft Windows.

A few days ago, Google published information that it had become aware of SSL certificates for the company's domains that had been issued without authorization by the above-mentioned CAs. In effect, an attacker holding such a certificate can present his own web resource as a Google service, and the issued digital certificate will confirm that claim. The Google post was later updated with information that digital certificates had also been issued for domains of the Yahoo service. It notes that the actual scale of the incident associated with the CA compromise is unknown. So far it concerns several certificates for Google domains and one for a Yahoo domain. These certificates were revoked on July 3rd.


The revoked certificates could be used to compromise connections, including connections to the following known domains:

google.com
mail.google.com
gmail.com
m.gmail.com
smtp.gmail.com
ssl.gstatic.com
static.com
encrypted-tbn1.gstatic.com
encrypted-tbn2.gstatic.com
login.yahoo.com
mail.yahoo.com
mail.yahoo-inc.com

Operating systems such as Windows 8, 8.1, RT, RT 8.1, and Server 2012, as well as Windows Phone 8 and Windows Phone 8.1, will receive the corresponding CTL update automatically. Users of Windows Vista, 7, or Server 2008 may need to update manually using the instructions provided here.


Fig. To make sure that the revocation of the compromised digital certificates has been applied on Windows 8 / 8.1, as well as Windows RT and RT 8.1, open the Event Viewer snap-in and look for event 4112 in the Application event log, as shown in the screenshot above.
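The event-log check described above can also be scripted across several machines. The following PowerShell is an added example, not part of the original article or of Microsoft's advisory; the function name `Get-DisallowedCtlUpdateStatus`, its parameters, and the match on a CAPI2 provider name are assumptions made for illustration.

```powershell
# Added example: report the newest event 4112 in the Application log per host.
function Get-DisallowedCtlUpdateStatus {
    param(
        # Hosts to query; defaults to the local machine.
        [string[]] $ComputerName = @($env:COMPUTERNAME),
        # Assumption: the caller supplies the earliest date an update event must have.
        [Parameter(Mandatory = $true)] [datetime] $NotBefore
    )
    foreach ($computer in $ComputerName) {
        $filter = @{ LogName = 'Application'; Id = 4112; StartTime = $NotBefore }
        $latest = $null
        $detail = 'No event 4112 from a CAPI2 provider since the given date'
        try {
            # Get-WinEvent returns newest events first; keep the first CAPI2 one.
            $latest = Get-WinEvent -ComputerName $computer -FilterHashtable $filter `
                          -MaxEvents 20 -ErrorAction Stop |
                      Where-Object { $_.ProviderName -like '*CAPI2*' } |
                      Select-Object -First 1
        } catch {
            # Raised both when no event matches and when the host is unreachable.
            $detail = $_.Exception.Message
        }
        if ($latest) { $detail = $latest.Message }
        [pscustomobject]@{
            ComputerName = $computer
            Updated      = [bool] $latest
            EventTime    = if ($latest) { $latest.TimeCreated } else { $null }
            Detail       = $detail
        }
    }
}

# Constructed usage: the host names and the date are placeholders, not values from the article.
# Get-DisallowedCtlUpdateStatus -ComputerName 'HOST-A', 'HOST-B' -NotBefore '<date-of-update>' |
#     Format-Table -AutoSize -Wrap
```

Hosts that report `Updated = False` are the ones to review by hand; the `Detail` column shows whether the event is missing or the machine could not be queried.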

For other systems, use this recommendation from the Microsoft Security Center or the Certificates MMC snap-in.


Fig. If you are using a version of Windows prior to Windows 8, you can check the list of revoked certificates in the Certificates snap-in. Certificates with the following fingerprints should be on the list of revoked certificates.

be secure.

Source: https://habr.com/ru/post/229551/

