Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing

It did not take long: it seems another Certificate Authority has been compromised, around December 24, 2012. Here are a few details on the incident:

On December 24, 2012, Google detected an unauthorized certificate for the google.com domain. After investigation, it was confirmed that Turktrust Inc incorrectly created two subsidiary certificate authorities: *.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org. The first one was used to create the fraudulent google.com domain certificate detected by Google Chrome. This is a big problem, since intermediate CA certificates carry the full authority of the CA and can therefore be used to create a certificate for any website the attacker wishes to impersonate.

Microsoft has released a security advisory about this issue for IT professionals. The update is released for all supported versions of Microsoft Windows. It revokes trust in the following certificates by placing them in the Microsoft Untrusted Certificate Store:

  • *.google.com issued by *.EGO.GOV.TR
  • e-islem.kktcmerkezbankasi.org issued by TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri
  • *.EGO.GOV.TR issued by TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri

This update replaces update 2728973.
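
One way to confirm the update took effect on a Windows host, as an added example that is not part of the original post or of the advisory: the PowerShell below looks in the local machine Disallowed store (displayed as Untrusted Certificates in the Certificates snap-in) for the three subject names listed above and prints each match's issuer and thumbprint for comparison with the advisory. It assumes the certificates were placed in that store as described; the variable names are illustrative.

```powershell
# Added example: check that the three certificates named in the advisory
# are present in the local machine Untrusted Certificates store.
$expected = @(
    '*.google.com',
    'e-islem.kktcmerkezbankasi.org',
    '*.EGO.GOV.TR'
)

# Cert:\LocalMachine\Disallowed is the store shown as "Untrusted Certificates".
$disallowed = @(Get-ChildItem -Path Cert:\LocalMachine\Disallowed)
$simpleName = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

$report = foreach ($name in $expected) {
    # -eq compares literally (case-insensitive); -like would treat '*' as a wildcard.
    $hits = @($disallowed | Where-Object { $_.GetNameInfo($simpleName, $false) -eq $name })
    if ($hits.Count -eq 0) {
        [pscustomobject]@{ Subject = $name; Present = $false; Issuer = $null; Thumbprint = $null }
    }
    foreach ($cert in $hits) {
        [pscustomobject]@{
            Subject    = $name
            Present    = $true
            Issuer     = $cert.GetNameInfo($simpleName, $true)   # compare with the advisory list
            Thumbprint = $cert.Thumbprint
        }
    }
}

$report | Format-Table -AutoSize

# Flag any advisory entry that has no matching certificate in the store.
$missing = @($report | Where-Object { -not $_.Present })
if ($missing.Count -gt 0) {
    Write-Warning ("Not found in the Disallowed store: " + ($missing.Subject -join ', '))
}
```

A subject name can match more than one certificate in the store, so the issuer column is what ties a row to an entry in the list above.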

The security advisory contains additional security-related information. To view the security advisory, go to the following Microsoft website:

.