Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Patches » KB2798897

Overview

Id KB2798897
Name MS 2798897 Update for Untrusted Certificates for Windows (All Languages)
Vendor Name microsoft
Product Windows 2K3SP1,Windows 2K3SP2,Windows 2K8SP1,Windows 2K8SP2,Windows 2KSP4,Windows VISTASP0,Windows VISTASP1,Windows VISTASP2,Windows WIN7SP0,Windows WIN7SP1,Windows XPSP2,Windows XPSP3,Windows WIN8
Content Type Critical - 01 Critical - 01
Language(s) ENGLISH 
Operating System(s) Windows 
Released On 02 Jan 2013 05:00:00

KB2798897

MS 2798897 Update for Untrusted Certificates for Windows (All Languages)

Vendor Name

microsoft

Product

Windows 2K3SP1,Windows 2K3SP2,Windows 2K8SP1,Windows 2K8SP2,Windows 2KSP4,Windows VISTASP0,Windows VISTASP1,Windows VISTASP2,Windows WIN7SP0,Windows WIN7SP1,Windows XPSP2,Windows XPSP3,Windows WIN8

Released On

02 Jan 2013 05:00:00

Url

http://support.microsoft.com/kb/2798897

Description

Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org). The *.EGO.GOV.TR subsidiary CA was then used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties.

Install this update to revoke the trust of the following certificates by putting them in the Microsoft Untrusted Certificate Store:

  • *.google.com issued by *.EGO.GOV.TR
  • e-islem.kktcmerkezbankasi.org issued by TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri
  • *.EGO.GOV.TR issued by TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri
  • Related Resources

    Related Vulnerabilities

    None

    Related Patches

    None

    Superseded Patches

    None


    Last Updated: 27 May 2016 11:16:24