Windows: Microsoft emergency patch KB2718704 to revoke unauthorized certificates
|SUMMARY:||Windows: Microsoft emergency patch KB2718704 to revoke unauthorized certificates|
|REPORTER:||Jocelyn E Kasamoto (jocelyn)|
|START TIME:||Jun 04 02:43 PM|
|END TIME:||Jul 03 02:43 PM|
Microsoft released an emergency patch for Security Advisory KB2718704, "Unauthorized Digital Certificates Could Allow Spoofing". The Flame malware has been actively exploiting the unauthorized digital certificates.
Please run Windows Update ASAP to address this issue. All supported versions of Windows are affected.
From Microsoft Security Advisory (KB2718704):
Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.
Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:
Microsoft Enforced Licensing Intermediate PCA (2 certificates)
Microsoft Enforced Licensing Registration Authority CA (SHA1)
Recommendation. For supported releases of Microsoft Windows, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. For more information, see the Suggested Actions section of this advisory. For affected devices, no update is available at this time.
To run Windows Update, in Windows 7/Vista:
1. Click Start button.
2. Type "windows update" in the box.
3. Click "Windows Update" under Programs.
In Windows XP, open Internet Explorer to windowsupdate.microsoft.com
To confirm that the unauthorized certificates have been revoked:
1. Open Internet Explorer.
2. Go to Tools > Internet Options.
3. In the Content tab, click Publishers in the Certificates section.
4. Click Untrusted Publishers tab.
5. The following should appear in the list of revoked certificates:
"Microsoft Enforced Licensing Intermediate PCA" (2 certificates)
"Microsoft Enforced Licensing Registration Authority CA (SHA1)"
If you need assistance, please contact the ITS Help Desk at 956-8883, email firstname.lastname@example.org or call 1-800-558-2669 toll free from the neighbor islands.
For more information
Microsoft releases Security Advisory 2718704
Microsoft Update and the Nightmare Scenario (F-Secure)
Microsoft recalls certificates exploited by Flame malware (NetworkWorld)
Microsoft throws 'kill switch' on own certificates after Flame hijack (Computerworld)