{"id":1171,"date":"2012-06-05T08:52:15","date_gmt":"2012-06-05T08:52:15","guid":{"rendered":"http:\/\/www.camcert.gov.kh\/?p=1171"},"modified":"2012-06-11T16:26:08","modified_gmt":"2012-06-11T16:26:08","slug":"camsa12-07-microsoft-microsoft-security-advisory-2718704-unauthorized-digital-certificates","status":"publish","type":"post","link":"https:\/\/www.camcert.gov.kh\/en\/camsa12-07-microsoft-microsoft-security-advisory-2718704-unauthorized-digital-certificates\/","title":{"rendered":"CamSA12-07: Microsoft Security Advisory (2718704) &#8211; Unauthorized Digital Certificates"},"content":{"rendered":"<p><strong>I. Overview\u00a0<\/strong><\/p>\n<p>Microsoft has released a security advisory to address the revocation of a number of unauthorized digital certificates. Maintaining these certificates within your certificate store may allow an attacker to spoof content, perform a phishing attack, or perform a man-in-the-middle attack.<\/p>\n<p>The following certificates have been revoked by this update:<\/p>\n<p>&#8211;\u00a0Microsoft Enforced Licensing Intermediate PCA (2 certificates)<\/p>\n<p>&#8211;\u00a0Microsoft Enforced Licensing Registration Authority CA (SHA1)<\/p>\n<p>An attacker could obtain a certificate that could be used to illegitimately sign code as Microsoft. The signed code could then be used in a variety of attacks in which the code would appear to be trusted by Windows.<\/p>\n<p>An attacker could offer software that appeared to be signed by a valid and trusted Microsoft certificate chain. As noted in an\u00a0<a href=\"https:\/\/blogs.technet.com\/b\/msrc\/archive\/2012\/06\/03\/microsoft-releases-security-advisory-2718704.aspx\">MSRC blog post<\/a>, &#8220;&#8230;some components of the [Flame] malware have been signed by certificates that allow software to appear as if it was produced by Microsoft.&#8221;<\/p>\n<p><strong>II. 
Affected Systems<\/strong><\/p>\n<p>&#8211; Microsoft Windows XP and Server 2003<br \/>\n&#8211; Microsoft Windows Vista and Server 2008<br \/>\n&#8211; Microsoft Windows 7 and Server 2008 R2<br \/>\n&#8211; Microsoft Windows 8 Consumer Preview<br \/>\n&#8211; Microsoft Windows Mobile and Phone<\/p>\n<p><strong>III. Patches<\/strong><\/p>\n<p><a href=\"http:\/\/support.microsoft.com\/kb\/2718704\" target=\"_blank\">&#8211; Microsoft Knowledge Base Article 2718704<\/a><\/p>\n<p><strong>IV. Solutions<\/strong><\/p>\n<p>It is important to act quickly to revoke trust in the affected certificates. Any certificates issued by the Microsoft Terminal Services licensing certificate authority (CA) could be used for illegitimate purposes and should not be trusted.<\/p>\n<p><strong>Apply updates<\/strong><\/p>\n<p>Apply the appropriate versions of\u00a0<a href=\"http:\/\/support.microsoft.com\/kb\/2718704\">KB2718704<\/a>\u00a0to add the affected certificates to the Untrusted Certificate Store. Updates will reach most users via automatic updates and Windows Server Update Services (<a href=\"http:\/\/technet.microsoft.com\/en-us\/windowsserver\/bb332157.aspx\">WSUS<\/a>).<\/p>\n<p><strong>Revoke trust in affected certificates<\/strong><\/p>\n<p>Manually add the affected certificates to the Untrusted Certificate Store. The\u00a0<a href=\"http:\/\/msdn.microsoft.com\/en-us\/library\/ms788967.aspx\">Certificates MMC snap-in<\/a>\u00a0and\u00a0<a href=\"http:\/\/technet.microsoft.com\/en-us\/library\/cc732443%28v=ws.10%29.aspx\">Certutil<\/a>\u00a0command can be used on Windows systems.<\/p>\n<p><strong>V. 
Contact Information<\/strong><\/p>\n<p>&#8211; Email: office@camcert.gov.kh<\/p>\n<p>&#8211; Tel: (855) 92 335 536 \u2013 (855) 16 888 209<\/p>\n<p>[message_box title=&#8221;Disclaimer&#8221; color=&#8221;yellow&#8221;]<\/p>\n<p>The information provided herein is on an &#8220;as is&#8221; basis, without warranty of any kind.<\/p>\n<p>[\/message_box]<\/p>\n<p>&nbsp;<\/p>\n"},"excerpt":{"rendered":"<p>I. Overview\u00a0 Microsoft has released a security advisory to address the revocation of a number of unauthorized digital certificates. Maintaining these certificates within your certificate store may allow an attacker to spoof content, perform a phishing attack, or perform a man-in-the-middle attack. The following certificates have been revoked by this update: &#8211;\u00a0Microsoft Enforced Licensing Intermediate [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1117,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,9],"tags":[85,84],"class_list":["post-1171","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-13","category-security-alert","tag-85","tag-security-alert"],"_links":{"self":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts\/1171","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/comments?post=1171"}],"version-history":[{"count":4,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts\/1171\/revisions"}],"predecessor-version":[{"id":1175,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts\/1171\/revisions\/1175"}],"wp:featuredmedia":[{"embeddab
le":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/media\/1117"}],"wp:attachment":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/media?parent=1171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/categories?post=1171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/tags?post=1171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}