Microsoft revokes 28 of its code-signing certificates
Posted on 11 July 2012.
The long awaited patch for the CVE-2012-1889 vulnerability that has been heavily exploited in the wild and the exploit for which has even been included in the Blackhole Exploit Kit is not the only big news from the latest Patch Tuesday.

Among other things, Microsoft has notified users that it has made available an automated Microsoft Fix it solution (a workaround - not a patch) that disables the Windows Sidebar and Gadgets on supported editions of Windows Vista and Windows 7, because of a number of vulnerabilities that involve the execution of arbitrary code by the Windows Sidebar when running insecure Gadgets.

The vulnerabilities in question will be revealed in a scheduled talk at the Black Hat security conference later this month in Las Vegas by two security researchers who shared their knowledge with Microsoft beforehand in order not to endanger users.

The company has also issued an advisory notifying users that it has revoked trust in 28 of its own intermediate CA certificates.

"Upon a routine review, we are placing these certificates in the Untrusted Certificate Store, and replacing them with new certificate authorities that meet our high standard of public-key infrastructure (PKI) management," they said. "We are unaware of any misuse of the certificate authorities, but are taking pre-emptive action to protect customers."

The revoked certificates could be uses to spoof content, perform phishing attacks, or perform man-in-the-middle attacks, and this move by Microsoft is the result of the discovery of the misuse of the company's trusted digital signatures by the recently discovered Flame malware.


The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.


Fri, Aug 1st