Microsoft released updates to stop a fake Windows certificate, which could be used to create a man-in-the-middle assault on its live services.
It all started in Finland, where hackers managed to gain access to a Microsoft admin account. Following the discovery of the hack, Comodo Certification Authority deleted the fake CERT, which it issued, and Redmond followed up with the update to revoke the certificate on their platforms. Windows.
The title of the update from Microsoft is: “Advisory security Microsoft: Issued Incorrect Digital Certificate Could Enable Forgery”
“Microsoft is aware of the fake SSL certificate for the live.fi domain that could be used in attacks phishing, or man-in-the-middle attacks” said The company.
"It can not be used for issuing new certificates, or for impersonating others domains, or for signing the code. ”
Microsoft said the malicious certificate was issued by a hacked privileged email account of Microsoft's live.fi service, which appears to be the Finnish version of its online services.
Someone managed to gain access to the privileged account via admin@live.fi, and immediately asked Comodo for a certificate.
The company urges all of them users της να εφαρμόσουν τις αυτόματες ενημερώσεις. Οι χρήστες των Windows 8 can let the built-in updater perform the update, while those using Server 2008 and Windows 7 systems should install update 2917500.
For those who are interested can download the update from here.
