Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Windows Live SSL certificate issued to unauthorized third party

Windows Live SSL certificate issued to unauthorized third party

2015/03/17

Softpedia - (International) Microsoft released an advisory warning of a fraudulent certificate for the Finnish Windows Live domain which is generated by the Certificate Authority (CA) Comodo following an unauthorized request from a privileged email account which can be used by hackers to spoof Microsoft Web content and carry out man-in-the-middle (MitM) and phishing attacks. The certificate affects systems running certain Windows and Server versions, as well as Windows Phone 8 and Windows Phone 8.1. A standalone updater is available for revoked certificate.

Source: http://news.softpedia.com/news/Windows-Live-SSL-Certificate-Issued-to-Unauthorized-Third-Party-476020.shtml

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:23:45