Page 1 of 1
Microsoft Security Advisory (2524375)
Posted: Thu Mar 24, 2011 8:19 am
by ScRiPt3r
Microsoft Security Advisory (2524375)
Fraudulent Digital Certificates Could Allow Spoofing
Published: March 23, 2011
Version: 1.0
General Information
Executive Summary
Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.
These certificates affect the following Web properties:
•
login.live.com
•
mail.google.com
•
http://www.google.com
•
login.yahoo.com (3 certificates)
•
login.skype.com
•
addons.mozilla.org
•
"Global Trustee"
the article goes on to say that there is a patch for this..
anyway here's the link to the article at technet..
be sure you update your windows ASAP with this one..
http://www.microsoft.com/technet/securi ... 24375.mspx
don't ya just LOVE M$ lol :stfu: :bs:
Re: Microsoft Security Advisory (2524375)
Posted: Thu Mar 24, 2011 9:11 am
by {ESC}zeno
{ESC}ScRiPt3r wrote:
don't ya just LOVE M$ lol :stfu: :bs:
not really their fault.
Re: Microsoft Security Advisory (2524375)
Posted: Thu Mar 24, 2011 9:38 am
by ScRiPt3r
zeno wrote:{ESC}ScRiPt3r wrote:
don't ya just LOVE M$ lol :stfu: :bs:
not really their fault.
this time..
heh
:doh:
Re: Microsoft Security Advisory (2524375)
Posted: Thu Mar 24, 2011 11:19 am
by {ESC}zeno
you should also enable certificate revocation checking in your browser regardless of platform/os.
Re: Microsoft Security Advisory (2524375)
Posted: Thu Mar 24, 2011 11:24 am
by ScRiPt3r
oh you absolutely want to do this.
with the invalid certs released that reference those commonly gone to websites that will potentially allow spoofing or phishing to occur, its very important to make sure this is run..
yes, a windows update will bring in this patch, but not everyone runs windows update every day, and the possibility of hitting one of these bad certs before patching is real.
i am not one to post red flags like this, but this one is that important.
and yes zeno, i agree 100%.
these are simple things to do to protect your computer, and you that may not be as "common knowledge" as we who are into computers as deeply as we are may think, so sharing these is a good way to make sure all is well.
Re: Microsoft Security Advisory (2524375)
Posted: Thu Mar 24, 2011 4:33 pm
by ScRiPt3r
i see you shared this link on your facebook after i posted it here, so i guess this isnt a virus eh?
Re: Microsoft Security Advisory (2524375)
Posted: Fri Mar 25, 2011 4:41 pm
by Admin
my microsoft SE, sent me to a security page when i just tried to come on here,,it said there may be something maliciuos on this web site and rerouted me to the security essentials page