Tuesday, September 6, 2011

Microsoft Revokes Trust in Five DigiNotar Root Certs

Via Threatpost.com -

The fallout from the DigiNotar compromise continued on Tuesday, as Microsoft said it has now revoked its trust of all five of the certificate authority's root certificates. The update that makes this change is being pushed out to users on all supported versions of Windows.

The move by Microsoft effectively makes any certificate that has been issued by DigiNotar untrusted by Internet Explorer and other Windows applications. Any IE user who visits a site that presents a DigiNotar-issued certificate as proof of identity will get an error message telling him that the certificate isn't trusted. Microsoft's change applies to these root certificates from DigiNotar:
  • DigiNotar Root CA
  • DigiNotar Root CA G2
  • DigiNotar PKIoverheid CA Overheid
  • DigiNotar PKIoverheid CA Organisatie – G2
  • DigiNotar PKIoverheid CA Overheid en Bedrijven

The software giant said that it has continued to investigate the DigiNotar attack and work with other certificate authorities and software vendors as they all look for viable solutions to what has become a huge problem.

Also on Tuesday, responding to claims by the hacker who has taken credit for the DigiNotar attack that he also has compromised several other high-level CAs, GlobalSign, one of the CAs mentioned, said it is aware of the claim and is looking into it.

The company posted a message on its corporate Twitter feed, saying: "We are aware of the Comodo hacker BLOG that claims access to a number of major CAs including GlobalSign. We are taking this claim seriously and are investigating."


MSRC: Microsoft updates Security Advisory 2607712

Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
