Windows: Microsoft emergency patch KB2718704 to revoke unauthorized certificates

SUMMARY: Windows: Microsoft emergency patch KB2718704 to revoke unauthorized certificates
POSTED ON: 06/04/2012
REPORTER: Jocelyn E Kasamoto (jocelyn)
START TIME: Jun 04 02:43 PM
END TIME: Jul 03 02:43 PM
DESCRIPTION: Microsoft released an emergency patch for Security Advisory KB2718704, "Unauthorized Digital Certificates Could Allow Spoofing". The Flame malware has been actively exploiting the unauthorized digital certificates.

Please run Windows Update ASAP to address this issue. All supported versions of Windows are affected.

From Microsoft Security Advisory (KB2718704):
http://technet.microsoft.com/en-us/security/advisory/2718704

General Information

Executive Summary

Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:

Microsoft Enforced Licensing Intermediate PCA (2 certificates)
Microsoft Enforced Licensing Registration Authority CA (SHA1)

Recommendation. For supported releases of Microsoft Windows, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. For more information, see the Suggested Actions section of this advisory. For affected devices, no update is available at this time.


To run Windows Update, in Windows 7/Vista:
1. Click the Start button.
2. Type "windows update" in the box.
3. Click "Windows Update" under Programs.

In Windows XP, open Internet Explorer and go to windowsupdate.microsoft.com.

To confirm that the unauthorized certificates have been revoked:
1. Open Internet Explorer.
2. Go to Tools > Internet Options.
3. In the Content tab, click Publishers in the Certificates section.
4. Click the Untrusted Publishers tab.
5. The following should appear in the list of revoked certificates:

"Microsoft Enforced Licensing Intermediate PCA" (2 certificates)
"Microsoft Enforced Licensing Registration Authority CA (SHA1)"
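The same check can be scripted, which helps when many machines need to be verified. The PowerShell below is an added example, not part of the Microsoft advisory or the original notice. It assumes the Untrusted Publishers tab lists the "Disallowed" certificate store, and the function name Get-RevocationStatus is made up for illustration.

```powershell
# Added example: confirm the KB2718704 revocations without the IE dialog.
# Assumption: IE's "Untrusted Publishers" tab shows the "Disallowed" store.
# The names and counts below are the ones listed in this notice.
$expected = @{
    'Microsoft Enforced Licensing Intermediate PCA'                 = 2
    'Microsoft Enforced Licensing Registration Authority CA (SHA1)' = 1
}

# "Issued To" as shown in the certificate dialog is the subject's simple name.
$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

function Get-RevocationStatus {
    param(
        [string[]]$StorePath = @('Cert:\LocalMachine\Disallowed',
                                 'Cert:\CurrentUser\Disallowed')
    )

    # The per-user view can repeat machine-wide entries, so count each
    # certificate once by thumbprint.
    $certs = Get-ChildItem -Path $StorePath -ErrorAction SilentlyContinue |
        Sort-Object -Property Thumbprint -Unique

    foreach ($name in $expected.Keys) {
        $found = @($certs | Where-Object {
            $_.GetNameInfo($simpleName, $false) -eq $name
        })
        New-Object PSObject -Property @{
            IssuedTo = $name
            Expected = $expected[$name]
            Found    = $found.Count
            Revoked  = ($found.Count -ge $expected[$name])
        }
    }
}

$status = Get-RevocationStatus
$status | Format-Table IssuedTo, Expected, Found, Revoked -AutoSize

if ($status | Where-Object { -not $_.Revoked }) {
    Write-Warning 'Not all certificates are in the untrusted store. Run Windows Update.'
}
```

A machine that has the update shows Revoked as True on both rows; a False row means Windows Update still needs to be run on that machine.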


If you need assistance, please contact the ITS Help Desk at 956-8883, email help@hawaii.edu or call 1-800-558-2669 toll free from the neighbor islands.


For more information

Microsoft releases Security Advisory 2718704
http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx

Microsoft Update and the Nightmare Scenario (F-Secure)
http://www.f-secure.com/weblog/archives/00002377.html

Microsoft recalls certificates exploited by Flame malware (NetworkWorld)
http://www.networkworld.com/news/2012/060412-microsoft-flame-259828.html?hpg1=bn

Microsoft throws 'kill switch' on own certificates after Flame hijack (Computerworld)
http://www.computerworld.com/s/article/9227716/Microsoft_throws_kill_switch_on_own_certificates_after_Flame_hijack?taxonomyId=82&pageNumber=1