D-Link Corporation disclosed four digital certificates recently inadvertently that attackers could use to spoof content.
While the certificates cannot be used to issue others or impersonate domains, they can be used to sign code which attackers could use to (better) disguise malware as legitimate software.
Microsoft has released a security advisory and an update to remove the affected digital certificates from supported versions of Windows. D-Link has revoked the certificates in the meantime as well.
The four leaked digital certificates are:
|DLINK CORPORATION||Symantec Corporation||3e b4 4e 5f fe 6d c7 2d ed 70 3e 99 90 27 22 db 38 ff d1 cb|
|Alpha Networks||Symantec Corporation||73 11 e7 7e c4 00 10 9d 6a 53 26 d8 f6 69 62 04 fd 59 aa 3b|
|KEEBOX||GoDaddy.com, LLC||91 5a 47 8d b9 39 92 5d a8 d9 ae a1 2d 8b ba 14 0d 26 59 9c|
|TRENDnet||GoDaddy.com, LLC||db 50 42 ed 25 6f f4 26 86 7b 33 28 87 ec ce 2d 95 e7 96 14|
The issue affects all current Microsoft operating systems that are still supported by the company starting with Windows Vista Service Pack 2 to Windows 10 on the client side, and Windows Server 2008 Service Pack 2 to Windows Server 2012 R2 on the server side.
The update is delivered automatically to all supported operating systems.Windows Vista, Windows 7, Windows Server 2008 and 2008 R2 systems need to have the "automatic updater of revoked certificates" installed. Microsoft customers in disconnected environments need to consult the following Microsoft Knowledgebase article for additional information.
One way to check that it has been applied is to verify this through the Event Viewer.
The update has not been applied yet if you don't see it listed yet in the Event Viewer. (via Deskmodder)Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.