Microsoft Releases Diginotar Related Patch and Advisory
Microsoft released an advisory [1] earlier today announcing that they will place a number of DigiNotar root certificates on the "not trusted" list.
A blog article further explains how certificate stores can be manipulated manually [2].
One important difference between this most recent advisory, and an earlier advisory [3] is that Windows Mobile 6.x/7/7.5 is no longer listed as affected. The earlier advisory stated that Windows Mobile 6.x and 7 are affected. It didn't mention Windows Mobile 7.5. (thanks to a read for pointing this out)
[1]http://www.microsoft.com/technet/security/advisory/2607712.mspx
[2]http://blogs.technet.com/b/srd/archive/2011/09/04/protecting-yourself-from-attacks-that-leverage-fraudulent-diginotar-digital-certificates.aspx
[3] http://technet.microsoft.com/en-us/security/advisory/2524375
------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter
Application Security: Securing Web Apps, APIs, and Microservices | Washington | Dec 13th - Dec 18th 2024 |
Comments
- http://news.yahoo.com/second-firm-warns-concern-dutch-hack-215940770.html
Sep. 6, 2011 AMSTERDAM (AP) — "A company that sells certificates guaranteeing the security of websites, GlobalSign, says it is temporarily halting the issuance of new certificates over concerns it may have been targeted by hackers..."
> http://www.globalsign.com/company/press/090611-security-response.html
"It's a beautiful day in the neighborhood ..." - Mr. Rodgers
.
PC.Tech
Sep 6th 2011
1 decade ago
patermann
Sep 8th 2011
1 decade ago
AndrewB
Sep 8th 2011
1 decade ago