3 Apprentice

15.6K Posts

November 11th, 2011 04:00

Microsoft Security Advisory (2641690) - Fraudulent Digital Certificates Could Allow Spoofing

Microsoft is aware that DigiCert Sdn. Bhd, a Malaysian subordinate certification authority (CA) under Entrust and GTE CyberTrust, has issued 22 certificates with weak 512 bit keys. These weak encryption keys, when broken, could allow an attacker to use the certificates fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.

DigiCert Sdn. Bhd is not affiliated with the corporation DigiCert, Inc., which is a member of the Microsoft Root Certificate Program.

There is no indication that any certificates were issued fraudulently. Instead, cryptographically weak keys have allowed some of the certificates to be duplicated and used in a fraudulent manner.

Microsoft is providing an update for all supported releases of Microsoft Windows that revokes the trust in DigiCert Sdn. Bhd.

3 Apprentice

20.5K Posts

November 11th, 2011 05:00

The update revokes the trust of the following two intermediate CA certificates:

    Digisign Server ID – (Enrich), issued by Entrust.net Certification Authority (2048)
    Digisign Server ID (Enrich), issued by GTE CyberTrust Global Root

Recommendation:

Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. Please see the Suggested Actions section of this advisory for more information.

https://technet.microsoft.com/en-us/security/advisory/2641690
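
A check for the issue described in the advisory above, as an added example that is not part of the original posts or of Microsoft's advisory: it lists certificates in the local Windows stores whose RSA key is shorter than a threshold, and reports which store holds any certificate whose subject contains "Digisign Server ID". The 1024-bit default for `$MinBits` and the expectation that the revoked intermediates sit in the Untrusted Certificates (`Disallowed`) store are assumptions.

```powershell
# Added example (not from the advisory). $MinBits is an assumed threshold;
# the advisory itself only names 512-bit keys as weak.
param([int]$MinBits = 1024)

function Get-RsaKeyBits {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # Returns the RSA key size in bits, or $null for non-RSA or unreadable keys.
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Cert)
        if ($rsa) { return $rsa.KeySize }
    } catch { }
    return $null
}

$findings = Get-ChildItem Cert:\ -Recurse |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
    ForEach-Object {
        $store = $_.PSParentPath -replace '^.*::'      # e.g. LocalMachine\Disallowed
        $bits  = Get-RsaKeyBits $_
        $named = $_.Subject -like '*Digisign Server ID*'
        $weak  = ($null -ne $bits) -and ($bits -lt $MinBits)
        if ($weak -or $named) {
            [pscustomobject]@{
                Store      = $store
                Bits       = $bits
                WeakKey    = $weak
                # Assumption: after the update, the named intermediates
                # should appear only in a Disallowed store.
                Distrusted = $store -like '*\Disallowed'
                Subject    = $_.Subject
                Issuer     = $_.Issuer
                Thumbprint = $_.Thumbprint
            }
        }
    }

if ($findings) {
    $findings | Sort-Object Store, Bits | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No RSA keys under $MinBits bits and no 'Digisign Server ID' certificates found."
}
```

Rows with `WeakKey` true outside a `Disallowed` store are the ones to review; a "Digisign Server ID" row with `Distrusted` false means that copy is not in the Untrusted Certificates store.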

3 Apprentice

15.6K Posts

November 11th, 2011 07:00

As a reminder to people who have an x64-bit system:

On x64, you actually have two separate versions of IE. One is a 32-bit version (yes, on an x64-bit system), and the other is a 64-bit version.

Flash 11 is available, separately, for each of these: If you use the 32-bit IE on an x64-bit system, you will need the 32-bit ActiveX Flash for it; and if you use the 64-bit IE, that will need the x64-bit ActiveX Flash. [If you use both IE browser versions, you will need to install both Flash ActiveX versions.] In other words, the browser version (rather than the O/S version) determines which Flash it needs.

Similar considerations apply to your other browsers: there's a separate 32-bit and x64-bit version of the Flash 11 Plugin.
