D-Link Corporation disclosed four digital certificates recently inadvertently that attackers could use to spoof content.
While the certificates cannot be used to issue others or impersonate domains, they can be used to sign code which attackers could use to (better) disguise malware as legitimate software.
Microsoft has released a security advisory and an update to remove the affected digital certificates from supported versions of Windows. D-Link has revoked the certificates in the meantime as well.
The four leaked digital certificates are:
|DLINK CORPORATION||Symantec Corporation||3e b4 4e 5f fe 6d c7 2d ed 70 3e 99 90 27 22 db 38 ff d1 cb|
|Alpha Networks||Symantec Corporation||73 11 e7 7e c4 00 10 9d 6a 53 26 d8 f6 69 62 04 fd 59 aa 3b|
|KEEBOX||GoDaddy.com, LLC||91 5a 47 8d b9 39 92 5d a8 d9 ae a1 2d 8b ba 14 0d 26 59 9c|
|TRENDnet||GoDaddy.com, LLC||db 50 42 ed 25 6f f4 26 86 7b 33 28 87 ec ce 2d 95 e7 96 14|
The issue affects all current Microsoft operating systems that are still supported by the company starting with Windows Vista Service Pack 2 to Windows 10 on the client side, and Windows Server 2008 Service Pack 2 to Windows Server 2012 R2 on the server side.
The update is delivered automatically to all supported operating systems.Windows Vista, Windows 7, Windows Server 2008 and 2008 R2 systems need to have the "automatic updater of revoked certificates" installed. Microsoft customers in disconnected environments need to consult the following Microsoft Knowledgebase article for additional information.
One way to check that it has been applied is to verify this through the Event Viewer.
The update has not been applied yet if you don't see it listed yet in the Event Viewer. (via Deskmodder)
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.