Microsoft Addresses Fake DigiNotar Certificates

Posted by at 11:22 am on September 7, 2011

Microsoft has responded to the recently unveiled hack that saw DigiNotar issue fake security certificates for some high-profile websites by issuing a patch on Tuesday. The patch only applies to affected versions of Windows Vista and is delivered through Internet Explorer. After the vulnerability was discovered on August 28, Microsoft released a security advisory on August 29 and removed the DigiNotar root certificate from the Microsoft Certificate Trust List.

That initial update showed a warning to users who accessed a site signed by an untrusted DigiNotar root certificate, but they could still click through. Now the software giant has taken its precautions a step further and won’t allow any access to websites that use fake DigiNotar certificates.

Meanwhile, another European Certificate Authority, the UK’s GlobalSign, warned that its certificates may also have been faked, as the individual responsible for the fake Comodo certificates claimed he had access to four other high-profile Certificate Authorities. GlobalSign on Tuesday said it would temporarily cease issuing certificates until its own investigation is complete.

The fake certificates can be used to phish for victims’ information if the attacker has access to local networks, operates the network infrastructure between the victim and a site he or she is trying to access, or hijacks the DNS server used by ISPs.


Copyright © 2008 - 2024 · StreetCorner Media, LLC · All Rights Reserved