Saturday, January 5, 2013

Microsoft Security Advisory (2798897) - Zero-Day exploit


Yesterday (01/03/2012) Microsoft released a security advisory notification, Microsoft Security Advisory (2798897), covering “Fraudulent Digital Certification”.
According to Microsoft “TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties”.

The complete Microsoft Security Advisory (2798897) bulletin is available at http://technet.microsoft.com/en-us/security/advisory/2798897
Affected Platforms: All supported releases of Microsoft Windows

What action is required: According to Microsoft, all machines need this patch applied as soon as possible.
Microsoft provides two patching options:
1. Install the Automatic updater of revoked certificates (see http://support.microsoft.com/kb/2677070 for details)

2. Download and install ONLY the patch 2798897 (http://support.microsoft.com/kb/2798897)

The automatic updater checks certificate status on an ongoing basis and updates the computer's certificate store as new revocations are published.
Installing the 2798897 patch on its own adds only the untrusted certificates published up to today; each future release will have to be applied manually.

How to Install:

You can apply this patch using SCCM software updates. This works like any other software update.

The other way is to download the patch 2798897 from http://support.microsoft.com/kb/2798897,
create a software package and advertise it to your client collection. The installation is straightforward and it won’t ask you to reboot. I have applied this patch to our client machines and none of them reported any issues. According to Microsoft there is no rollback available for this update, but the certificates can be removed manually if the problem is limited to a small number of machines; if the problem is widespread, create a script that removes them with certmgr.exe and deploy it through SCCM.
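To confirm the deployment actually took effect on a client, here is an added PowerShell check (my own example, not from Microsoft or the original post) that verifies KB2798897 is installed and that the three fraudulent subjects named in the advisory sit in the machine's Untrusted Certificates (Disallowed) store. It assumes the patch registers with Get-HotFix as "KB2798897"; the subject names come from the advisory text above.

```powershell
# Added example, not part of the original post: client-side verification that
# KB2798897 is installed and that the fraudulent TURKTRUST-issued subjects from
# advisory 2798897 are in the Untrusted Certificates (Disallowed) store.
# Assumption: the patch registers with Get-HotFix as "KB2798897".
# Run from an elevated prompt; exit code 0 = compliant, 1 = not compliant,
# so it can double as the detection script of an SCCM deployment.

$ExpectedSubjects = @('*.EGO.GOV.TR',
                      'e-islem.kktcmerkezbankasi.org',
                      '*.google.com')

function Test-PatchInstalled {
    param([string]$KB = 'KB2798897')
    $hotfix = Get-HotFix -ErrorAction SilentlyContinue |
              Where-Object { $_.HotFixID -eq $KB }
    return ($null -ne $hotfix)
}

function Get-DisallowedSubjectStatus {
    param([string[]]$Subjects)
    # Certificates in this store are explicitly distrusted by CryptoAPI.
    $store = Get-ChildItem -Path 'Cert:\LocalMachine\Disallowed'
    $status = @{}
    foreach ($subject in $Subjects) {
        # Match the CN literally; Escape keeps the '*' in wildcard names from
        # being read as a regex quantifier.
        $pattern = [regex]::Escape("CN=$subject")
        $hits = @($store | Where-Object { $_.Subject -match $pattern })
        $status[$subject] = ($hits.Count -gt 0)
    }
    return $status
}

$patchOk = Test-PatchInstalled
$subjectStatus = Get-DisallowedSubjectStatus -Subjects $ExpectedSubjects
$missing = @($subjectStatus.Keys | Where-Object { -not $subjectStatus[$_] })

"KB2798897 installed : $patchOk"
foreach ($s in $ExpectedSubjects) { "Distrusted $s : $($subjectStatus[$s])" }

if ($patchOk -and $missing.Count -eq 0) {
    'Compliant'
    exit 0
} else {
    "Non-compliant; missing from Disallowed store: $($missing -join ', ')"
    exit 1
}
```

If you chose the automatic updater route instead of the 2798897 package, the hotfix check will not apply; rely on the certificate-store check alone.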
