Microsoft Security Advisory (2718704)
by Carol~ - 6/4/12 8:04 AM
Unauthorized Digital Certificates Could Allow Spoofing
Published: Sunday, June 03, 2012
Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.
Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:
• Microsoft Enforced Licensing Intermediate PCA (2 certificates)
• Microsoft Enforced Licensing Registration Authority CA (SHA1)
Recommendation For supported releases of Microsoft Windows, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. For more information, see the Suggested Actions section of this advisory. For affected devices, no update is available at this time.
The majority of customers have automatic updating enabled and will not need to take any action because the KB2718704 update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.
For administrators and enterprise installations, or end users who want to install the KB2718704 update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. For more information on how to manually apply the update, see Microsoft Knowledge Base Article 2718704.
For Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices, no update is available at this time.
For Further Details: http://technet.microsoft.com/en-us/security/advisory/2718704