Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Alert

Security Advisory 2798897 (Certificate Trust List Updated)

by Carol~ Jan 3, 2013 2:39AM PST
Security Advisory 2798897 released, Certificate Trust List updated

Dustin Childs @ the Microsoft Security Response Center :

3 Jan 2013 10:05 AM PST

Today we released Security Advisory 2798897 to notify customers that we are aware of active attacks using a fraudulent digital certificate issued by TURKTRUST Inc. To help protect customers, we have updated the Certificate Trust List (CTL) to remove the trust of the certificates causing this issue, and we encourage customers follow the guidance in Security Advisory 2798897.

TURKTRUST Inc. incorrectly created two subsidiary Certificate Authorities: (*.EGO.GOV.TR and e-islam.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com.

There is no action for customers using versions of Windows Vista and newer who have installed the Certificate Trust List feature, which we released in June. This feature helps protect customers from any potential issues caused by these certificates.

For Windows XP and Windows Server 2003 customers, or customers who chose not to install the Certificate Trust List feature, also known as Microsoft Knowledge Base Article 2677070, we recommend that this update be applied immediately using update management software, by checking for updates using the Microsoft Update service, or by downloading and applying the update manually.

For more information and details about the update, please see Security Advisory 2798897.

http://blogs.technet.com/b/msrc/archive/2013/01/03/security-advisory-2798897-released-certificate-trust-list-updated.aspx

Discussion is locked

2 Posts
- Collapse + Expand Details
- Collapse -
Thank you, Carol
by caktus Jan 3, 2013 4:06AM PST

Thank you, Carol for posting this. Everything I found on MS.com and Google regarding KB 2798897, EGO.GOV.TR, etc. seemed to indicate site and cert were safe. Thanks for passing on the straight scoop, I wish MS's vernacular were as straight forward.

Have a happy and prosperous New Year. Happy

Charlie

- Collapse -
You're welcome, Charlie
by Carol~ Jan 3, 2013 6:34AM PST

"A blast from the past"! Nice to see a familiar face. Happy

You're not the only one who was confused. I read quite a few threads at various forums, where the subject was being discussed.

Coincidentally, I hadn't seen your post until (just) after adding "Fraudulent Certificate for Google Domains Found After Mistake by Turkish CA" to the News Thread.

Brian Krebs posted "Turkish Registrar Enabled Phishers to Spoof Google" not long after the above was posted. It may (or may not) shed some further light on the subject.

A Happy, Healthy and Prosperous New Year to you!

(If I prosper before you ....I'll split it with ya! Devil )

Carol

Back to Spyware, Viruses, & Security forum

CNET Forums

Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Brand Forums
Roadshow Autos
Off Topic

Other Forums

Forum Info