Microsoft Updates Windows To Block Fraudulent Digital Certificates

Martin Brinkmann
Mar 25, 2011
Updated • Dec 14, 2014
Security, Windows Updates
|
5

If you follow this blog closely you may have noticed that several browser developers have pushed security updates in the past week (see Mozilla Releases Firefox 3 Security Updates for instance) that block several invalid digital certificates to protect users from attacks exploiting those certificates.

Microsoft is currently pushing out a Windows Update that addresses the situation on Windows. Lets take a closer look at what actually happened before we go into details about that.

Comodo, a certification authority, notified Microsoft and other companies on March 16 that "nine certificates had been signed on behalf of a third party without sufficiently validating its identity".

The following domains are affected by the certificates:

  • login.live.com
  • mail.google.com
  • www.google.com
  • login.yahoo.com
  • login.skype.com
  • addons.mozilla.org
  • Global Trustee

These domains are some of the most visited domains on the Internet.

Microsoft notes that "these certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer".

Comodo has revoked the certificates in the meantime. Microsoft has released a security update for all versions of Windows that moves the fraudulent certificates into the untrusted certificate store of Microsoft Windows.

The update is provided via Windows Update and Microsoft Download. Users with automatic updating enabled will receive the update automatically, a restart of the system is not required after the update has been installed.

  • Microsoft Security Advisory: Fraudulent Digital Certificates could allow spoofing at Microsoft Download [link] for direct downloading.
  • Security Advisory [link]

Here is how you can verify that the certificates are blocked after you have installed the update. Open an elevated command prompt. Windows 7 users click on Start, select All Programs > Accessories, right-click the Command Prompt program link and select Run as Administrator.

Enter mmc in the command prompt window to launch the Microsoft Management Console. Now follow these steps:

  • Press Ctrl-m or select File > Add / Remove Snap In
  • Find Certificates in the listing, select it with a left-click and click on Add.
  • Select Computer Account on the next window and press Finish
  • Click the ok button to leave the Add or Remove Snap-ins configuration window.
  • Expand the certificates listing under Console Root and then the Untrusted Certificates sub-listing. Click on the Certificates folder there.

untrusted certificates

You should now see the affected domain names in the listing. Issued by should read UTN-USERFirst-Hardware.

Summary
Microsoft Updates Windows To Block Fraudulent Digital Certificates
Article Name
Microsoft Updates Windows To Block Fraudulent Digital Certificates
Description
Microsoft released updates for Windows that moves certificates that were revoked recently to the untrusted certificate store to protect users from misuse.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Paul(us) said on December 27, 2010 at 2:05 am
    Reply

    I first read about the updates/always check them/ test them before installing them. Then i make a total mirror image from the (operating) system, with the new installed updates. After that i start cleaning up the updates on main operating system disk.

  2. pitman said on December 27, 2010 at 8:54 am
    Reply

    I let it download stuff but choose what to install, that is how I can avoid some crap it tries to install like “Live Essentials” and generally I like to have control.

  3. ilev said on December 27, 2010 at 9:07 am
    Reply

    The problem with Windows Updates isn’t what you know , but the crap Microsoft is sneaking into your PC , secretly, behind your back, like Firefox add-ons,…..

  4. Bjørn said on November 8, 2015 at 2:56 pm
    Reply

    “Recommended updates are otherwise (with the option disabled) displayed as available updates but installed automatically.”

    Shouldn’t this be:

    Recommended updates are otherwise (with the option disabled) displayed as available updates but NOT installed automatically.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.