Microsoft revokes 28 of its code-signing certificates
Posted on 11 July 2012.
The long awaited patch for the CVE-2012-1889 vulnerability that has been heavily exploited in the wild and the exploit for which has even been included in the Blackhole Exploit Kit is not the only big news from the latest Patch Tuesday.

Among other things, Microsoft has notified users that it has made available an automated Microsoft Fix it solution (a workaround - not a patch) that disables the Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7, because of a number of vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets.

The vulnerabilities in question will be revealed in a scheduled talk at the Black Hat security conference later this month in Las Vegas by two security researchers who shared their knowledge with Microsoft beforehand in order not to endanger users.

The company has also issued an advisory notifying users that it has revoked trust in 28 of its own intermediate CA certificates.

"Upon a routine review, we are placing these certificates in the Untrusted Certificate Store, and replacing them with new certificate authorities that meet our high standard of public-key infrastructure (PKI) management," they said. "We are unaware of any misuse of the certificate authorities, but are taking pre-emptive action to protect customers."

The revoked certificates could be uses to spoof content, perform phishing attacks, or perform man-in-the-middle attacks, and this move by Microsoft is the result of the discovery of the misuse of the company's trusted digital signatures by the recently discovered Flame malware.






Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 29th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //