The fallout from the DigiNotar compromise continued on Tuesday, as Microsoft said it has now revoked its trust of all five of the certificate authority's root certificates. The update that makes this change is being pushed out to users on all supported versions of Windows.
The move by Microsoft effectively makes any certificate that has been issued by DigiNotar untrusted by Internet Explorer and other Windows applications. Any IE user who visits a site that presents a DigiNotar-issued certificate as proof of identity will get an error message telling him that the certificate isn't trusted. Microsoft's change applies to these root certificates from DigiNotar:
- DigiNotar Root CA
- DigiNotar Root CA G2
- DigiNotar PKIoverheid CA Overheid
- DigiNotar PKIoverheid CA Organisatie – G2
- DigiNotar PKIoverheid CA Overheid en Bedrijven
The company posted a message on its corporate Twitter feed, saying: "We are aware of the Comodo hacker BLOG that claims access to a number of major CAs including GlobalSign. We are taking this claim seriously and are investigating."
-------------------------------------------------------------------------------------------------
MSRC: Microsoft updates Security Advisory 2607712
https://blogs.technet.com/b/msrc/archive/2011/09/06/microsoft-updates-security-advisory-2607712.aspx
Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
http://www.microsoft.com/technet/security/advisory/2607712.mspx