T-706: Microsoft Fraudulent Digital Certificate Issued by DigiNotar

August 30, 2011 - 8:45am

PROBLEM:

Digital certificate affects all subdomains of google.com and may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.

PLATFORM:

Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2*
Windows Server 2008 for x64-based Systems Service Pack 2*
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1*
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack

ABSTRACT:

Fraudulent Digital Certificate Issued by DigiNotar, a Certification Authority Present in the Trusted Root Certification Authorities

REFERENCE LINKS:

Microsoft Security Advisory (2607712)
Microsoft Consumer Security Support Center
Microsoft Security TechCenter

IMPACT ASSESSMENT:

High

Discussion:

Microsoft is aware of at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store on all supported releases of Microsoft Windows. Although this is not a vulnerability in a Microsoft product, Microsoft is taking action to protect customers.

Microsoft has been able to confirm that one digital certificate affects all subdomains of google.com and may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users, including users of Internet Explorer. Microsoft is continuing to investigate how many more certificates have been fraudulently issued.

As a precautionary measure, Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List. All supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Users of these operating systems will be presented with an invalid certificate error when they browse to a Web site, or try to install programs, whose certificates chain to the DigiNotar root certificate. In those cases users should follow the instructions in the message.

Windows XP and Windows Server 2003 do not use the Certificate Trust List in this way; Microsoft will release a future update to address this issue for all supported editions of those operating systems. Microsoft is continuing to investigate this issue and may release future updates to help protect customers.
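The discussion above says trust is decided by what a Windows machine holds in its certificate stores and by the Certificate Trust List. The following PowerShell script is an added example, not part of this advisory or of Microsoft's guidance, that an administrator can run on a Windows host to see whether any DigiNotar certificate is still present in a trusted store without a matching entry in the Untrusted Certificates (Disallowed) store. It assumes the standard Cert: drive and the standard store names Root, AuthRoot, CA and Disallowed; the name pattern 'DigiNotar' and the output format are choices made for this example.

```powershell
# Added example (not from the advisory): inventory DigiNotar certificates in
# the local Windows certificate stores and flag any that are still trusted.
# Written against Windows PowerShell 2.0 syntax so it runs on the platforms
# listed in this advisory.

$pattern = 'DigiNotar'                               # assumed name pattern
$stores  = 'Root', 'AuthRoot', 'CA', 'Disallowed'    # standard store names

$findings = @()
foreach ($location in 'LocalMachine', 'CurrentUser') {
    foreach ($store in $stores) {
        $path = "Cert:\$location\$store"
        if (-not (Test-Path $path)) { continue }
        Get-ChildItem -Path $path |
            Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
            ForEach-Object {
                $findings += New-Object PSObject -Property @{
                    Location   = $location
                    Store      = $store
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                }
            }
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No certificates matching '$pattern' found in the inspected stores."
    return
}

$findings | Select-Object Location, Store, Subject, Thumbprint, NotAfter |
    Format-Table -AutoSize

# A certificate in Root or AuthRoot whose thumbprint is not also present in
# Disallowed will still anchor a chain on this machine, so any certificate
# issued under it (for example, for a google.com subdomain) is accepted.
$blockedThumbprints = $findings |
    Where-Object { $_.Store -eq 'Disallowed' } |
    ForEach-Object { $_.Thumbprint }

$findings |
    Where-Object { 'Root', 'AuthRoot' -contains $_.Store } |
    ForEach-Object {
        if ($blockedThumbprints -notcontains $_.Thumbprint) {
            Write-Warning ("Still trusted: {0} [{1}] in {2}\{3}" -f `
                $_.Subject, $_.Thumbprint, $_.Location, $_.Store)
        }
    }
```

Run it in an elevated PowerShell session so the LocalMachine stores are readable. An empty result does not prove a host is safe on its own: a root that is absent locally can still be fetched through the Certificate Trust List on Windows Vista and later, which is why the advisory's removal of the DigiNotar root from that list matters for those systems.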

Impact:

Digital certificate affects all subdomains of google.com and may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.

Solution:

Microsoft has removed the DigiNotar root certificate from the Microsoft Certificate Trust List, which protects all supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2. An update for all supported editions of Windows XP and Windows Server 2003 will follow. Microsoft is continuing to investigate this issue and may release future updates.
Microsoft Support