Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Microsoft Releases Diginotar Related Patch and Advisory SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Microsoft Releases Diginotar Related Patch and Advisory

Microsoft released an advisory [1] earlier today announcing that they will place a number of DigiNotar root certificates on the "not trusted" list. 

A blog article further explains how certificate stores can be manipulated manually [2].

One important difference between this most recent advisory, and an earlier advisory [3] is that Windows Mobile 6.x/7/7.5 is no longer listed as affected. The earlier advisory stated that Windows Mobile 6.x and 7 are affected. It didn't mention Windows Mobile 7.5. (thanks to a read for pointing this out)

 

[1]http://www.microsoft.com/technet/security/advisory/2607712.mspx
[2]http://blogs.technet.com/b/srd/archive/2011/09/04/protecting-yourself-from-attacks-that-leverage-fraudulent-diginotar-digital-certificates.aspx
[3] http://technet.microsoft.com/en-us/security/advisory/2524375

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

I will be teaching next: Defending Web Applications Security Essentials - SANS San Francisco Spring 2020

Johannes

3696 Posts
ISC Handler
... And now that everybody is updated to Firefox v6.0.2, Chrome v13.0.782.220, and applied MS Security Advisory 2607712... updated, we're all comfy and ready to deal with this:

- http://news.yahoo.com/second-firm-warns-concern-dutch-hack-215940770.html
Sep. 6, 2011 AMSTERDAM (AP) — "A company that sells certificates guaranteeing the security of websites, GlobalSign, says it is temporarily halting the issuance of new certificates over concerns it may have been targeted by hackers..."
> http://www.globalsign.com/company/press/090611-security-response.html

"It's a beautiful day in the neighborhood ..." - Mr. Rodgers
.
Jack

160 Posts
You can download the update from here: http://support.microsoft.com/kb/2607712 - however, it requires Windows Genuine Advantage validation. Maybe they are hoping that people using pirated copies of Windows will get hacked?
patermann

35 Posts
You can also just delete the trusted certs from the cert store in Windows.
AndrewB

24 Posts

Sign Up for Free or Log In to start participating in the conversation!