Announcement Announcement Module
Collapse
No announcement yet.
Improperly Issued Digital Certificates could allow Spoofing Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Improperly Issued Digital Certificates could allow Spoofing

    Improperly Issued Digital Certificates could allow Spoofing

    Severity Rating: HIGH

    Systems Affected

    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
    • Windows Vista Service Pack 2
    • Windows Vista x64 Edition Service Pack 2
    • Windows Server 2008 for 32-bit and x64 bit Systems Service Pack 2
    • Windows Server 2008 for Itanium-based Systems Service Pack 2
    • Windows 7 for 32-bit and x64 bit Systems Service Pack 1
    • Windows Server 2008 R2 for x64-based Systems Service Pack 1
    • Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
    • Windows 8 for 32-bit and x64 bit Systems
    • Windows 8.1 for 32-bit and x64 bit Systems
    • Windows RT 8 and 8.1
    • Windows Server 2012 and 2012 R2
    • Windows Server 2008 for 32-bit and x64 bit Systems Service Pack 2 (Server Core Installation)
    • Windows Server 2008 R2 for x64-based Systems (Server Core Installation)
    • Windows Server 2012 and 2012 R2 (Server Core Installation)
    • Windows Phone 8 and 8.1

    Overview

    Certain SSL certificates have been unauthorizedly got issued through National Informatics Centre-CA (NIC-CA).
    These certificates could be exploited by remote attackers to spoof content, perform phishing attacks or perform man-in-the-middle attacks.

    Description

    A remote attacker could use these certificates to spoof content, perform phishing attacks or man-in-the-middle attacks against web properties.
    Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove untrusted certificates.

    Solution

    Apply appropriate updates as mentioned in Microsoft Security Advisory 2982792

    Vendor Information
    https://technet.microsoft.com/en-us/...curity/2982792

    Microsoft
    https://technet.microsoft.com/en-us/...curity/2982792

    References
    https://technet.microsoft.com/en-us/...curity/2982792

    Security Tracker
    http://securitytracker.com/id/1030548

    Cisco
    http://tools.cisco.com/security/cent...?alertId=34903
Working...
X