Spyware, Viruses, & Security forum

Alert

Security Advisory 2798897 (Certificate Trust List Updated)

by Carol~ Moderator / January 3, 2013 2:39 AM PST
Security Advisory 2798897 released, Certificate Trust List updated

Dustin Childs @ the Microsoft Security Response Center :

3 Jan 2013 10:05 AM PST

Today we released Security Advisory 2798897 to notify customers that we are aware of active attacks using a fraudulent digital certificate issued by TURKTRUST Inc. To help protect customers, we have updated the Certificate Trust List (CTL) to remove the trust of the certificates causing this issue, and we encourage customers follow the guidance in Security Advisory 2798897.

TURKTRUST Inc. incorrectly created two subsidiary Certificate Authorities: (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com.

There is no action for customers using versions of Windows Vista and newer who have installed the Certificate Trust List feature, which we released in June. This feature helps protect customers from any potential issues caused by these certificates.

For Windows XP and Windows Server 2003 customers, or customers who chose not to install the Certificate Trust List feature, also known as Microsoft Knowledge Base Article 2677070, we recommend that this update be applied immediately using update management software, by checking for updates using the Microsoft Update service, or by downloading and applying the update manually.

For more information and details about the update, please see Security Advisory 2798897.

http://blogs.technet.com/b/msrc/archive/2013/01/03/security-advisory-2798897-released-certificate-trust-list-updated.aspx
Discussion is locked
You are posting a reply to: Security Advisory 2798897 (Certificate Trust List Updated)
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: Security Advisory 2798897 (Certificate Trust List Updated)
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Thank you, Carol
by caktus / January 3, 2013 4:06 AM PST

Thank you, Carol for posting this. Everything I found on MS.com and Google regarding KB 2798897, EGO.GOV.TR, etc. seemed to indicate site and cert were safe. Thanks for passing on the straight scoop, I wish MS's vernacular were as straight forward.

Have a happy and prosperous New Year. Happy

Charlie

Collapse -
You're welcome, Charlie
by Carol~ Moderator / January 3, 2013 6:34 AM PST
In reply to: Thank you, Carol

"A blast from the past"! Nice to see a familiar face. Happy

You're not the only one who was confused. I read quite a few threads at various forums, where the subject was being discussed.

Coincidentally, I hadn't seen your post until (just) after adding "Fraudulent Certificate for Google Domains Found After Mistake by Turkish CA" to the News Thread.

Brian Krebs posted "Turkish Registrar Enabled Phishers to Spoof Google" not long after the above was posted. It may (or may not) shed some further light on the subject.

A Happy, Healthy and Prosperous New Year to you!

(If I prosper before you ....I'll split it with ya! Devil )

Carol

Popular Forums
icon
Computer Newbies 10,686 discussions
icon
Computer Help 54,365 discussions
icon
Laptops 21,181 discussions
icon
Networking & Wireless 16,313 discussions
icon
Phones 17,137 discussions
icon
Security 31,287 discussions
icon
TVs & Home Theaters 22,101 discussions
icon
Windows 7 8,164 discussions
icon
Windows 10 2,657 discussions

Does BMW or Volvo do it best?

Pint-size luxury and funky style

Shopping for a new car this weekend? See how the BMW X2 stacks up against the Volvo XC40 in our side-by-side comparison.