Microsoft released updates to stop a fake certificate of Windows, which could be used to create a plausible man-in-the-middle attack against its live services.
It all started in Finland, where hackers managed to gain access to a Microsoft admin account. After the hack was discovered, the Comodo Certificate Authority deleted the fake CERT it issued, and Redmond followed through with the update to make the recall of the certificate on their platforms Windows.
The title of the update from Microsoft is: “Advisory security Microsoft: Issued Incorrect Digital Certificate Could Enable Forgery”
"Microsoft is aware of the fake SSL certificate for the live.fi domain that could be used in phishing attacks, or man-in-the-middle attacks" said The company.
"Cannot be used to issue new certificates, or to impersonate other domains, or to sign code."
Microsoft said the malicious certificate was issued by a hacked privileged email account of the Microsoft-owned live.fi service, which appears to be the Finnish version of online services.
Someone managed to gain access to the privileged account via admin@live.fi, and immediately asked Comodo for a certificate.
The company urges all of them users to apply automatic updates. Windows 8 users can let the built-in updater perform the update, while those using Server 2008 and Windows 7 systems should install update 2917500.
For those who are interested can download the update from here.
