D-Link's digital certificate disclosing could allow spoofing
D-Link Corporation disclosed four digital certificates recently inadvertently that attackers could use to spoof content.
While the certificates cannot be used to issue others or impersonate domains, they can be used to sign code which attackers could use to (better) disguise malware as legitimate software.
Microsoft has released a security advisory and an update to remove the affected digital certificates from supported versions of Windows. D-Link has revoked the certificates in the meantime as well.
The four leaked digital certificates are:
|Certificate||Issued byÂ Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â Â||Thumbprint|
|DLINK CORPORATION||Symantec Corporation||â€Žâ€Ž3e b4 4e 5f fe 6d c7 2d ed 70 3e 99 90 27 22 db 38 ff d1 cb|
|Alpha Networks||Symantec Corporation||â€Žâ€Ž73 11 e7 7e c4 00 10 9d 6a 53 26 d8 f6 69 62 04 fd 59 aa 3b|
|KEEBOX||GoDaddy.com, LLC||91 5a 47 8d b9 39 92 5d a8 d9 ae a1 2d 8b ba 14 0d 26 59 9c|
|TRENDnet||GoDaddy.com, LLC||db 50 42 ed 25 6f f4 26 86 7b 33 28 87 ec ce 2d 95 e7 96 14|
The issue affects all current Microsoft operating systems that are still supported by the company starting with Windows Vista Service Pack 2 to Windows 10 on the client side, and Windows Server 2008 Service Pack 2 to Windows Server 2012 R2 on the server side.
The update is delivered automatically to all supported operating systems.Windows Vista, Windows 7, Windows Server 2008 and 2008 R2 systems need to have the "automatic updater of revoked certificates" installed. Microsoft customers in disconnected environments need to consult the following Microsoft Knowledgebase article for additional information.
One way to check that it has been applied is to verify this through the Event Viewer.
- Tap on the Windows-key, type Event Viewer and hit enter.
- Select Action > Create Custom View.
- Select "by source" and then the source CAPI2.
- Click ok, and on the next screen ok again.
- Wait until the list of events has been loaded and scroll down to the very bottom.
- You should see an information level event with the Event ID 4112 there.
- Double-click on it. It should have the description: Successful auto update of disallowed certificate list with effective date.
The update has not been applied yet if you don't see it listed yet in the Event Viewer. (via Deskmodder)Advertisement