This is related to the "flame" malware going around.
http://www.securityweek.com/microsoft-unauthorized-certificate-was-used-sign-flame-malware
Topic: Immediately add these certificate thumbprints to your CRLs -Microsoft roots (Read 1467 times)
June 04, 2012, 04:48:14 PM
hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
June 04, 2012, 09:56:48 AM
In other words, scare tactics to get you to add a patch for anti-pirating?
Dunno about the pirating, but all it does it make some certificates untrusted because they used a hackable algorithm. You can apply it manually without installing anything by revoking the thumbprints above.Thanks for clarifying. I don't trust any updates from MS ordinarily. They seldom explain themselves and they often break shit.
June 04, 2012, 09:47:32 AM
In other words, scare tactics to get you to add a patch for anti-pirating?
Dunno about the pirating, but all it does it make some certificates untrusted because they used a hackable algorithm. You can apply it manually without installing anything by revoking the thumbprints above.hero member
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
June 04, 2012, 09:45:48 AM
In other words, scare tactics to get you to add a patch for anti-pirating?
June 04, 2012, 09:35:19 AM
Update; I found a bit of info here: http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx
Apparently it is related to the Flame worm/virus. Probably does not affect systems outside of MS products, because the roots are only for licensing.
Apparently it is related to the Flame worm/virus. Probably does not affect systems outside of MS products, because the roots are only for licensing.
Quote
We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft.
June 04, 2012, 09:23:12 AM
An out-of-band update was pushed to my windows boxes today to patch the Certificate Revocation Lists. Microsoft doesn't seem to have released a whole lot of info about this, but the security advisory is here: http://technet.microsoft.com/en-us/security/advisory/2718704 EDIT: Download links on this page: http://support.microsoft.com/kb/2718704
Apparently the following certificates need to be revoked:
This kind of update is only done for major emergencies, so if you have any systems that are not getting automatic updates, or if you have non-microsoft systems that trust these roots, you will need to either apply the patch manually or add these to your CRLs.
Here are 2 additional quotes from the page:
Stay safe out there.
Apparently the following certificates need to be revoked:
Code:
Certificate Issued by Thumbprint
Microsoft Enforced Licensing Intermediate PCA Microsoft Root Authority 2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70
Microsoft Enforced Licensing Intermediate PCA Microsoft Root Authority 3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08
Microsoft Enforced Licensing Registration Authority CA (SHA1) Microsoft Root Certificate Authority fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97
This kind of update is only done for major emergencies, so if you have any systems that are not getting automatic updates, or if you have non-microsoft systems that trust these roots, you will need to either apply the patch manually or add these to your CRLs.
Here are 2 additional quotes from the page:
Quote
What is the scope of the advisory?
The purpose of this advisory is to notify customers that Microsoft has confirmed two unauthorized certificates have been issued by Microsoft and are being used in active attacks. During our investigation, a third Certificate Authority has been found to have issued certificates with weak ciphers.
Microsoft has issued an update for all supported releases of Microsoft Windows that addresses the issue. For affected devices, no update is available at this time.
andThe purpose of this advisory is to notify customers that Microsoft has confirmed two unauthorized certificates have been issued by Microsoft and are being used in active attacks. During our investigation, a third Certificate Authority has been found to have issued certificates with weak ciphers.
Microsoft has issued an update for all supported releases of Microsoft Windows that addresses the issue. For affected devices, no update is available at this time.
Quote
What caused the issue?
Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. A unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.
Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. A unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.
Stay safe out there.
Jump to: