Microsoft Windows Includes Some Invalid Certificates Vulnerability

Last Update Date: 5 Jun 2012 12:03
Release Date: 5 Jun 2012

RISK: High Risk

TYPE: Operating Systems - Windows OS

A vulnerability was identified in Microsoft Windows. A remote user may be able to spoof code signing signatures.

The operating system includes some invalid intermediate certificates. The invalid certificates and their thumbprints are:

Microsoft Enforced Licensing Intermediate PCA: 2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70

Microsoft Enforced Licensing Intermediate PCA: 3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08

Microsoft Enforced Licensing Registration Authority CA (SHA1): fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97

The vulnerability is due to the certificate authorities and not the operating system itself.

Unauthorized digital certificates derived from these certificate authorities are being actively used in attacks.


Impact

  • Spoofing

System / Technologies affected

  • Windows XP
  • Windows 7
  • Windows Vista
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Mobile 6.x
  • Windows Phone 7 and 7.5

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • The vendor has issued a fix (KB2718704), available via automatic update.
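The following PowerShell check is an added example, not part of the advisory or the vendor's fix: it takes the three thumbprints listed above and reports whether each sits in the machine's Untrusted Certificates store and is absent from the trusted Root and intermediate CA stores. It assumes that the vendor update places these certificates in the Untrusted store (exposed by the certificate provider as `Cert:\LocalMachine\Disallowed`) and that `Get-HotFix` records the update under the id `KB2718704`.

```powershell
# Added example (not from the advisory): verify the state of the three
# intermediate certificates named above on this host.
# Assumption: the vendor fix (KB2718704) places them in the Untrusted
# Certificates store, which PowerShell exposes as Cert:\LocalMachine\Disallowed.

# Thumbprints as printed in the advisory, normalised to the form the
# certificate provider reports (no spaces, upper-case hex).
$advisoryThumbprints = @(
    '2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70',
    '3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08',
    'fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97'
) | ForEach-Object { ($_ -replace '\s', '').ToUpperInvariant() }

function Get-StoreThumbprints {
    param([string]$StorePath)
    # Returns the thumbprints held in one certificate store, or nothing if
    # the store does not exist on this host (e.g. a missing CurrentUser store).
    if (-not (Test-Path -Path $StorePath)) { return @() }
    Get-ChildItem -Path $StorePath | ForEach-Object { $_.Thumbprint }
}

$untrusted = @(Get-StoreThumbprints 'Cert:\LocalMachine\Disallowed')
$trusted   = @('Cert:\LocalMachine\Root', 'Cert:\LocalMachine\CA',
               'Cert:\CurrentUser\Root',  'Cert:\CurrentUser\CA') |
             ForEach-Object { Get-StoreThumbprints $_ }

# One row per advisory certificate: the expected state after the fix is
# InUntrustedStore = True and InTrustedStore = False.
foreach ($tp in $advisoryThumbprints) {
    [pscustomobject]@{
        Thumbprint       = $tp
        InUntrustedStore = ($untrusted -contains $tp)
        InTrustedStore   = ($trusted -contains $tp)
    }
}

# Report whether the fix itself is recorded as installed.
$hotfix = Get-HotFix -Id 'KB2718704' -ErrorAction SilentlyContinue
if ($hotfix) { "KB2718704 installed on $($hotfix.InstalledOn)" }
else         { 'KB2718704 not listed by Get-HotFix' }
```

A certificate that is neither in the Untrusted store nor in any trusted store has simply not been installed on that host, which is a different (and harmless) state from one still present in a trusted store.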

Vulnerability Identifier

  • No CVE information is available
