Yesterday (01/03/2012) Microsoft released a security advisory notification about “Fraudulent Digital Certification” in its Microsoft Security Advisory (2798897) bulletin.
According to Microsoft, “TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties”.
The complete Microsoft Security Advisory (2798897) bulletin is available at http://technet.microsoft.com/en-us/security/advisory/2798897
Affected Platforms: All supported releases of Microsoft Windows
What action is required: According to Microsoft, all machines need to apply this patch ASAP.
Two patching options are provided:
1. Install the automatic updater of revoked certificates (see http://support.microsoft.com/kb/2677070 for details)
2. Download and install ONLY the patch 2798897 (http://support.microsoft.com/kb/2798897)
The automatic updater will check the certificate statuses and update the computer certificate root.
Installing the current 2798897 patch will apply only the untrusted certificates released up to today. For future releases and updates, we need to apply the patch manually.
How to Install:
You can apply this patch using SCCM software updates, like any other software update.
The other way is to download the patch 2798897 from http://support.microsoft.com/kb/2798897, create a software package, and advertise it to your client collection. The installation is straightforward and it won’t ask you to reboot. I have applied this patch to our client machines and none of them reported any issues. According to Microsoft there is no rollback available for this update, but the certificates can be removed manually if the problem is limited to a small number of machines; if the problem is widespread, create a script and uninstall through SCCM using certmgr.exe.
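
To confirm the deployment on a client, the PowerShell check below (an added example, not part of the original post or Microsoft's guidance) looks for the update and for the two subsidiary CA names quoted in the advisory in the machine's Untrusted Certificates store. It assumes the standalone patch adds the certificates to `Cert:\LocalMachine\Disallowed` with those names as the subject CN and that the update is reported by `Get-HotFix`; the function name is hypothetical.

```powershell
# Added example: post-deployment check for Security Advisory 2798897.
# Assumptions (not stated on the page): the update is listed by Get-HotFix as
# KB2798897, and the untrusted certificates carry the subsidiary CA names
# quoted in the advisory as their subject CN.
$kbId  = 'KB2798897'
$names = '*.EGO.GOV.TR', 'e-islem.kktcmerkezbankasi.org'

function Test-Advisory2798897 {
    # Is the standalone update present on this machine?
    $hotfix = Get-HotFix -Id $kbId -ErrorAction SilentlyContinue

    # Certificates in the machine's Untrusted Certificates (Disallowed) store.
    $disallowed = @(Get-ChildItem -Path Cert:\LocalMachine\Disallowed)

    $results = foreach ($name in $names) {
        # Escape the name so '*' and '.' are matched literally, not as regex.
        $pattern = 'CN=' + [regex]::Escape($name) + '(,|$)'
        $hits = @($disallowed | Where-Object { $_.Subject -match $pattern })
        New-Object PSObject -Property @{
            Name        = $name
            Untrusted   = ($hits.Count -gt 0)
            Thumbprints = ($hits | ForEach-Object { $_.Thumbprint }) -join ';'
        }
    }

    # Compliant only when every listed name was found in the Disallowed store.
    $missing = @($results | Where-Object { -not $_.Untrusted })
    New-Object PSObject -Property @{
        Computer      = $env:COMPUTERNAME
        UpdatePresent = [bool]$hotfix
        Certificates  = $results
        Compliant     = ($missing.Count -eq 0)
    }
}

# Run on a client, or wrap in an SCCM package and collect the output.
$report = Test-Advisory2798897
$report | Format-List Computer, UpdatePresent, Compliant
$report.Certificates | Format-Table Name, Untrusted, Thumbprints -AutoSize
```

A machine that reports `Compliant : False` after the package has run is a candidate for re-advertising the patch; the thumbprints printed for a compliant machine can be compared across clients to confirm they all received the same entries.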