Microsoft Windows Includes Fraudulent Digital Certificates Vulnerability

Last Update Date: 10 Jan 2013 Release Date: 4 Jan 2013 5544 Views

RISK: Medium Risk

Medium Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

A vulnerability was identified in Microsoft Windows. One fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store, could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

 

TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties.
 

Impact

  • Spoofing

System / Technologies affected

  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8
  • Windows Server 2012
  • Windows RT
  • Windows Phone 8

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Asterisk Two Denial of Service Vulnerabilities

4 Jan 2013 5452 Views

Next

Oracle Solaris tcsd Denial of Service Vulnerability

11 Jan 2013 4909 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY