Microsoft Security Advisory (2524375)

Talk about anything you want here.
Post Reply
User avatar
ScRiPt3r
Redneck Commander
Posts: 840
Joined: Tue May 11, 2010 5:20 pm
Location: Akron, OH
Contact:
Contact ScRiPt3r

Microsoft Security Advisory (2524375)
Fraudulent Digital Certificates Could Allow Spoofing
Published: March 23, 2011

Version: 1.0
General Information
Executive Summary

Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.

These certificates affect the following Web properties:


login.live.com


mail.google.com


http://www.google.com


login.yahoo.com (3 certificates)


login.skype.com


addons.mozilla.org


"Global Trustee"
the article goes on to say that there is a patch for this..

anyway here's the link to the article at technet..

be sure you update your windows ASAP with this one..

http://www.microsoft.com/technet/securi ... 24375.mspx

don't ya just LOVE M$ lol :stfu: :bs:
ScRiPt3r
remember: It's ALL good.
-----
Image
Top
User avatar
{ESC}zeno
ESC Member
Posts: 1117
Joined: Fri Apr 30, 2010 12:27 pm

{ESC}ScRiPt3r wrote:

don't ya just LOVE M$ lol :stfu: :bs:
not really their fault.
WARNING: YOU ARE NOW BREATHING AND BLINKING MANUALLY
Top
User avatar
ScRiPt3r
Redneck Commander
Posts: 840
Joined: Tue May 11, 2010 5:20 pm
Location: Akron, OH
Contact:
Contact ScRiPt3r

zeno wrote:
{ESC}ScRiPt3r wrote:

don't ya just LOVE M$ lol :stfu: :bs:
not really their fault.
this time..

heh

:doh:
ScRiPt3r
remember: It's ALL good.
-----
Image
Top
User avatar
{ESC}zeno
ESC Member
Posts: 1117
Joined: Fri Apr 30, 2010 12:27 pm

you should also enable certificate revocation checking in your browser regardless of platform/os.
WARNING: YOU ARE NOW BREATHING AND BLINKING MANUALLY
Top
User avatar
ScRiPt3r
Redneck Commander
Posts: 840
Joined: Tue May 11, 2010 5:20 pm
Location: Akron, OH
Contact:
Contact ScRiPt3r

oh you absolutely want to do this.

with the invalid certs released that reference those commonly gone to websites that will potentially allow spoofing or phishing to occur, its very important to make sure this is run..

yes, a windows update will bring in this patch, but not everyone runs windows update every day, and the possibility of hitting one of these bad certs before patching is real.

i am not one to post red flags like this, but this one is that important.

and yes zeno, i agree 100%.

these are simple things to do to protect your computer, and you that may not be as "common knowledge" as we who are into computers as deeply as we are may think, so sharing these is a good way to make sure all is well.
ScRiPt3r
remember: It's ALL good.
-----
Image
Top
User avatar
ScRiPt3r
Redneck Commander
Posts: 840
Joined: Tue May 11, 2010 5:20 pm
Location: Akron, OH
Contact:
Contact ScRiPt3r

i see you shared this link on your facebook after i posted it here, so i guess this isnt a virus eh?

;)
ScRiPt3r
remember: It's ALL good.
-----
Image
Top
Admin
Posts: 11141
Joined: Mon Dec 24, 2007 4:38 pm

my microsoft SE, sent me to a security page when i just tried to come on here,,it said there may be something maliciuos on this web site and rerouted me to the security essentials page
Top
Post Reply

Return to “General Chit Chat”

ESC Teamspeak