Microsoft Revokes Unauthorized Certs

Microsoft has issued an emergency update to revoke 45 of the unauthorized certificates from the National Informatics Centre (NIC) of India. The update revokes trust in three intermediate certificates from NIC, so all domain certificates issued under them, including some legitimate ones, will be invalid.

“These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against Web properties,” a Microsoft advisory warned. “The subordinate CAs may also have been used to issue certificates for other, currently unknown sites, which could be subject to similar attacks.”

The update will be automatically delivered to PCs running Windows 8, 8.1, RT, RT 8.1, Server 2012, Server 2012 R2, Phone 8, and Phone 8.1.

Users running Windows 7, Vista, Server 2008, and Server 2008 R2 may or may not have the automatic updater installed. See Microsoft KB article 2677070 for details. Administrators can find details in KB article 2813430.

There is presently no way to revoke the certificates for Windows 2003.

Read the story in the news.


About MIT
IT Security Awareness Consultant and Communications Specialist at MIT
