Tuesday, December 10, 2013

Microsoft Security Advisory (2916652) for Improperly Issued Digital Certificates

Microsoft improperly issued digital certificate warning:
Today (12/10/2013) Microsoft issued a security advisory about an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. Because the ANSSI root is trusted by Windows, certificates chaining to the DG Trésor subordinate CA were accepted as valid without any prompt. This issue affects all supported releases of Microsoft Windows.
How does this impact Microsoft Windows?
The improperly issued CA certificate has been misused to issue SSL certificates for multiple sites, including Google web properties. These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. The subordinate CA certificate may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks.

Affected Software and Devices:
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows RT
Windows RT 8.1
Windows Server 2012
Windows Server 2012 R2

Server Core installation option
Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
Windows Server 2008 R2 for x64-based Systems (Server Core installation)
Windows Server 2012 (Server Core installation)
Windows Server 2012 R2 (Server Core installation)

Windows Phone 8

Suggested Action:
By default, an automatic updater of revoked certificates is included in supported editions of Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, and Windows Server 2012 R2, and in devices running Windows Phone 8. For these operating systems and devices, customers do not need to take any action because the CTL (Certificate Trust List), which carries the list of untrusted certificates, will be updated automatically.

For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 that are using the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070 for details), customers do not need to take any action because the CTL will be updated automatically.

As of today, no update is available for customers running Windows XP and Windows Server 2003, or for customers who chose not to install the automatic updater of revoked certificates.

The complete Microsoft Security Advisory (2916652), "Improperly Issued Digital Certificates Could Allow Spoofing", can be found at http://technet.microsoft.com/en-us/security/advisory/2916652


Updated (12/12/2013):
Microsoft has released a fix for customers running Windows XP or Windows Server 2003, and for customers who chose not to install the automatic updater of revoked certificates. Microsoft recommends that the 2917500 update be applied immediately, using update management software, by checking for updates through the Microsoft Update service, or by downloading and applying the update manually. See Microsoft Knowledge Base Article 2917500 for download links.
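The two remediation paths above (the automatic updater of revoked certificates on Vista and later, and the KB2917500 package on XP/Server 2003) leave different traces on a host. The following PowerShell check is an added example, not code from the advisory or this post: it reads the registry values the automatic updater maintains (the AuthRoot\AutoUpdate key and the DisableRootAutoUpdate policy value documented with KB2677070), looks for the KB2917500 hotfix on legacy systems, and lists anything in the Untrusted Certificates store whose subject or issuer mentions DG Trésor. The 2013-12-10 cutoff is the advisory date; the "Tr.sor" match is a heuristic chosen here, not an identifier taken from the advisory.

```powershell
# Added example (not from the advisory or the blog post): verify that a
# Windows host has picked up the untrusted-certificate CTL refresh that
# Advisory 2916652 relies on, or the KB2917500 package on XP / Server 2003.
# Registry paths are those used by the automatic updater of revoked
# certificates (KB2677070). Run in an elevated PowerShell session.

$AdvisoryDate  = Get-Date -Date '2013-12-10'
$AutoUpdateKey = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate'
$PolicyKey     = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'

function Get-DisallowedCtlSyncTime {
    # DisallowedCertLastSyncTime is an 8-byte little-endian FILETIME (UTC)
    # written each time the updater refreshes the disallowed-certificate CTL.
    $props = Get-ItemProperty -Path $AutoUpdateKey -ErrorAction SilentlyContinue
    if ($null -eq $props -or $null -eq $props.DisallowedCertLastSyncTime) { return $null }
    $fileTime = [BitConverter]::ToInt64($props.DisallowedCertLastSyncTime, 0)
    return [DateTime]::FromFileTimeUtc($fileTime)
}

function Test-RootAutoUpdateDisabled {
    # The "Turn off Automatic Root Certificates Update" policy sets this to 1;
    # with it on, the disallowed CTL is not fetched either.
    $p = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    return ($null -ne $p -and $p.DisableRootAutoUpdate -eq 1)
}

function Get-DgTresorDisallowedCerts {
    # KB2917500 places the certificates directly in the Untrusted Certificates
    # store. On newer systems the CTL carries only identifiers, so an empty
    # result here is not by itself a finding. 'Tr.sor' tolerates the accented
    # character being stored in different encodings (heuristic, assumed here).
    Get-ChildItem -Path Cert:\LocalMachine\Disallowed |
        Where-Object { $_.Subject -match 'Tr.sor' -or $_.Issuer -match 'Tr.sor' } |
        Select-Object Subject, Issuer, Thumbprint, NotAfter
}

$os     = Get-WmiObject -Class Win32_OperatingSystem
$legacy = [Version]$os.Version -lt [Version]'6.0'   # XP (5.1) / Server 2003 (5.2)

if ($legacy) {
    # No automatic updater exists on these releases; the package is the only fix.
    $fix = Get-HotFix -Id 'KB2917500' -ErrorAction SilentlyContinue
    if ($fix) { "OK: KB2917500 installed on $($fix.InstalledOn)" }
    else      { "ACTION: KB2917500 not installed; apply it (no CTL updater on this OS)" }
}
else {
    if (Test-RootAutoUpdateDisabled) {
        "WARNING: automatic root/CTL update is disabled by policy; the disallowed CTL will not refresh"
    }
    $sync = Get-DisallowedCtlSyncTime
    if ($null -eq $sync) {
        "ACTION: no disallowed-CTL sync recorded; install/enable the updater (KB2677070) or apply KB2917500"
    }
    elseif ($sync -lt $AdvisoryDate) {
        "ACTION: disallowed CTL last synced $sync (before the advisory); force a refresh or apply KB2917500"
    }
    else {
        "OK: disallowed CTL synced $sync"
    }
}

Get-DgTresorDisallowedCerts | Format-Table -AutoSize
```

A sync time later than the advisory date shows the host has fetched a CTL published after Microsoft added the DG Trésor certificates to it, which is the condition the advisory's "no action needed" statement depends on; a host that never syncs (blocked outbound access to Windows Update, or the policy above) silently keeps trusting the misissued chain, which is why the check reports the policy and the missing sync time separately.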

1 comment:

  1. Wow ! What an eye opener this post has been for me. Very much appreciated and bookmarked it. Thanks for sharing this informative post !