Archive

Archive for January, 2014

The best time to change your password is now

January 30th, 2014 No comments

You can reduce your chances of being hacked by regularly changing the passwords on all the accounts where you enter financial or other sensitive information. Set an automatic reminder to update passwords on your email, banking, and credit card websites every three months.

Different sites have different rules for passwords that they’ll accept, but here is some basic guidance on how to create strong passwords:

  • Length. Make your passwords at least eight (8) characters long.
  • Complexity. Include a combination of at least three (3) upper and/or lowercase letters, punctuation, symbols, and numerals. The more variety of characters in your password, the better.
  • Variety. Don’t use the same password for everything. Cybercriminals can steal passwords from websites that have poor security and then use those same passwords to target more secure environments, such as banking websites.

Learn more about how to create strong passwords and protect your passwords.

If you think someone has gone into your account and changed your password, learn how to recover a hacked account.

What are your privacy perceptions?

January 28th, 2014 No comments

To mark Data Privacy Day 2014, Microsoft released results of a survey measuring consumer privacy perceptions in the United States and Europe. According to our research, people in the United States estimate they have about 50 percent control over the way their information is used online. In Europe, it’s about 40 percent. 

At Microsoft, we’re committed to earning customer trust by demonstrating accountability and an inherent respect for privacy. Individuals expect us to prioritize their privacy and incorporate strong privacy protections into our products and services and we are constantly looking for ways to innovate on privacy in support of our customers.

For more information, see Marking Data Privacy Day with dialogue and new data, a blog post by Brendon Lynch, Chief Privacy Officer at Microsoft.

Categories: Data Privacy Day, privacy Tags:

Coordinated malware eradication

January 28th, 2014 No comments

Today, as an industry, we are very effective at disrupting malware families, but those disruptions rarely eradicate them. Instead, the malware families linger on, rearing up again and again to wreak havoc on our customers. 

To change the game, we need to change the way we work.

It is counterproductive when you think about it. The antimalware ecosystem encompasses many strong groups: security vendors, service providers, CERTs, anti-fraud departments, and law enforcement. Each group uses their own strengths and methods to protect their customers and constituents. Each group is able to claim victory from their efforts, but the malware families retain a significant advantage. No matter how big, the reach of each antimalware ecosystem player only extends so far. As a result, our adversaries only need to shift just a bit beyond that reach to get back in business. For example, let’s assume an advertising network identifies and shuts down a click-fraud attack.  This is great for the network and its advertisers, but the bad guys need only to pivot and attack another advertising network to remain in business. And this time, maybe the bad guys are more effective, because now they’re more educated about the need for resiliency and continuity.

By not working together, we have yielded our advantage to the malware authors. They can see the reach of our tools, and they can dance away from each of us. While we are disrupting them, we are also making them more resilient and more efficient.

If we want to fight effectively and protect our customers and constituents, we need to eradicate the malware families. To do this, we must coordinate our collective scope and reach so that the bad guys have no room to dance away. Of course, some coordination already exists within the industry today. Antimalware vendors exchange malware samples, prevalence information, and even clean file metadata. They participate with CERTs, ISPs, and law enforcement in sinkholes and takedowns. But it hasn’t been enough: a quick glance at the age of the detections that we’re still using to find our top malware families shows that we are not eradicating them.

Graph of malware encounters

Figure 1: Malware encounters on Microsoft real-time protection products September 1, 2013 – January 25, 2014

Getting to a more coordinated eradication effort for each malware family will require much stronger industry partnerships. It also needs new partnerships with financial institutions, payment networks, large internet services, and software bundlers. Each partnership will increase our collective ability to present a unified front, thereby reducing the bad guys’ ability to evade and profit.

Tighter coordination is a natural evolution of the malware protection industry, and it is already beginning. For example, when Microsoft teamed up with Europol’s European Cybercrime Centre (EC3), the Federal Bureau of Investigation (FBI), a number of ISPs and A10 Networks against the Sirefef/ZeroAccess botnet, the results went far beyond a few days of disruption.  Faced with a broadly coordinated action against their IP addresses, Sirefef authors waved the white flag. They are not quite eradicated, but they’re certainly heading that way.

While these efforts are working against malware authors, they are essentially one-offs. We have hundreds of active malware families that require eradication, and we need a repeatable model that will scale.

We have talked about the scope of Microsoft’s customer-focused approach, and how we are sharing malware telemetry information. We want to take it much further. We need to create a structure that makes it easy to coordinate campaigns and share more types of information across the entire antimalware ecosystem.

The time has come to do this now. We need committed antimalware ecosystem partners to join together in coordinated campaigns to eradicate malware families. Here are some examples of how partners can help with their tools, reach, and scope:

  • Security vendors: By sharing detection methods, malware behavior, and unpacking techniques, vendors can more quickly identity and block the malware families as they appear on network-connected endpoints and servers.
  • Financial institutions, online search, and advertising businesses: With better fraudulent behavior identification, these organizations can starve malware authors of their ill-gotten gains.
  • CERTs and ISPs: Armed with vetted lists, CERTS and ISPs can block and take down deploy sites, and command and control servers.
  • Law enforcement: Using correlated evidence, law enforcement can prosecute the people and organizations behind the malware.

Antimalware ecosystem coordinated eradication

Figure 2: The antimalware ecosystem’s coordinated malware eradication

The challenge is how we can all work together in a way that’s efficient and long-lasting. Microsoft is committed to helping drive this industry effort forward. We are beginning by looking at what we can contribute to such a community, and we are asking our antimalware ecosystem partners to do the same.

Several industry events are coming up this spring and summer. For example, RSA in San Francisco in February 2014, DCC in Singapore and the PCSL/IEEE Malware Conference in Beijing in March 2014, the May 2014 CARO Workshop in Florida, and the June 2014 FIRST event in Boston. These are great opportunities to hammer out a working framework for making coordinated malware eradication a reality. Microsoft will be hosting discussions at these events to do just that.*

I look forward to your feedback and on-going conversations about coordinated malware eradication.

Dennis Batchelder
MMPC 

* To join the discussions at these events, please contact us at cme-invite@microsoft.com.

Categories: Uncategorized Tags:

Q & A: Keeping kids safer online

I recently sat down with Sonia Livingstone, a professor in the Department of Media and Communications at the London School of Economics to discuss children and kids and the Internet.

Q. You’ve spent the last two months at Microsoft’s Cambridge research facility. How did that opportunity come about?

A. I have known danah boyd, who started the Social Media Collective at Microsoft Research New England, for quite a while, since we’re both interested in studying teenagers’ ‘risky’ activities on social networking sites. And I’d known Nancy Baym, who invited me to visit, for even longer—since we began our careers researching the soap opera audience. Now I see parallels between soap opera and social media—they’re both about the everyday ways that people create a shared social world through seemingly mindless but actually significant chat and gossip.

Q. Share a key learning from this experience and how it will influence your work.

A. The lab values intellectual discussion across disciplinary boundaries. We all find this difficult, requiring lots of ‘translation’ to understand what people from different traditions find interesting questions, let alone how they come to their answers. I appreciate the recognition that it is important not to stay siloed in our separate spaces, but to talk across divides and seek common ground. The design of the lab echoes this principle—open doors, flexible spaces for discussion, frequent moments when everyone comes together to talk about ideas. It’s a contrast with the academic model I’m used to.

Q. You’re the lead researcher for the EU Kids Online network, which is the “gold standard” when it comes to kids’ Internet use in the EU. What’s next for this project?

A. We are coming to the end of our third phase of funded activity. The European Commission’s (EC) Safer Internet (now Better Internet for Kids) Programme is changing into something new. We are focused on completing interviews and focus groups in 9 or 10 countries, aiming to understand the contexts in which children talk about online risk and how they try to cope with it—or, what support they think they need. As I look ahead, I see the value of our network both for its high-quality cross-national research and for its infrastructural role, paralleling the networks for awareness raising, children’s charities, and helplines to provide the evidence base for policymaking and practical safety/empowerment initiatives in Europe.

Q. Any observations on the way American parents approach kids and technology compared to their European counterparts?

A. My sense is that parents’ expectations are greater in the US than in Europe, where we rely more on schools to guide kids, but also on kids themselves. For example, British parents generally do not check their child’s phone or laptop because the child’s right to privacy outweighs the parents’ duty to protect. I think American parents strike a different balance, considering that they have a right to check their phone because they pay the bill. As I see it, children have a right to privacy, but parents have a duty of care. That’s a difficult balancing act in any culture. My hope is that we find ways for parents and children to share responsibility and talk openly about risks rather than parents snooping on kids and kids finding ways to escape scrutiny.

Q. How can we make parents, educators, and policymakers aware that there is a difference between risk versus harm, and how should we be thinking about that?

Statistics on risk (for example, the proportion of children being exposed to online pornography) are inevitably higher than statistics on harm (for example, the proportion of children who are damaged, upset, or threatened by online pornography or other online risks). In our findings, around one in eight children aged 9–16 across Europe had seen explicit online sexual images, but only one in three of those said that was an upsetting experience. We can take different positions—some will decide that children don’t know what harms them and that all exposure to explicit porn is harmful; others will decide that children’s voices should be respected; there’ll be positions in between too. My main point is that this should be discussed.

Q. What is industry’s role in this discussion?

Two factors influence when risk turns into harm. The first depends on the child and the circumstances in which they use the Internet. A psychologically vulnerable child has less resilience when finding extreme images and is more readily upset. The second depends on the industry’s design of the online environment. If a mildly pornographic image links to more extreme images, risks can lead to harm. If a search for self-harm offers professional advice on sources of help (instead of peer advice on how to cut), risk may not lead to harm.

One hopes that multiple stakeholders—including industry, child welfare, and researchers—will discuss openly where the risks are arising and work together to minimize harm. Ideally, they’d find ways that don’t restrict children’s opportunities to explore and benefit from the Internet.

Q. What do you think parents struggle with the most, and what would you tell them to help calm their anxiety about their kid’s digital lifestyles?

I think parents struggle with two things in particular. The first is that the media are full of panicky headlines that raise fears of abduction, porn addiction, and cyberbullying, and it would help if the media could raise awareness in a more balanced and proportionate way. The second is that they struggle with protecting versus empowering their children. Parents want to trust their kids and respect their privacy. Stakeholders need to provide more nuanced and age-sensitive advice to guide parents. And parents should read the press more critically and listen to their children more sensitively.

Q. Kids are going online at increasingly younger ages. Most of our work focuses on reaching parents of children and teens, but who is thinking about the really young kids, 2–5-year-olds?

The marketing and content industries are thinking about very young kids as a new market. Despite claims of educational outcomes, there is very little evidence that it benefits kids to be going online so young. A few researchers are also studying the contexts and consequences of young kids’ Internet use, and I hope we see more of this in the future.

Q. Where is the online safety debate headed? There is talk about moving from a “safer” to a “better” Internet, and from protecting kids to empowering them. Is a shift taking place? What will the impact be?  

The argument for a better Internet for kids is a good one: there’s no point having a safe Internet if it has little that’s great for kids to do. Dealing with the risk of harm should become a ‘hygiene factor’: like immunizations against disease or reliable systems for clean water, life without good hygiene is problematic, even intolerable. Once those systems are in place, the important questions are about how society should be organized for positive goals. We are so preoccupied with eliminating threats that we’ve lost sight of what we want for the Internet. Remember those early debates about kids having the world of knowledge at their fingertips. What’s our present vision of what we want for kids? That’s where creative thinking is now needed.

Q. There has been a lot in the news from the UK recently. Any thoughts on what PM Cameron is trying to accomplish?

Our prime minister has put children’s Internet safety high on the political agenda. He is focused on eliminating child abuse images from the Internet. He has also insisted that all ISPs provide usable filters for parents. While welcoming both developments, I have two concerns. The first is that we will need new research to be sure that the benefits are reaching children: will children encounter fewer risks online, will their parents feel more empowered to deal with what worries them, and will this be achieved in ways that don’t restrict children’s rights to free expression, privacy, and participation. Second, government intervention online always raises concerns about wider freedom of expression, censorship, and rights. I would like to see an independent, accountable, trusted body established to oversee child protection and empowerment online in a way that responds to wider public concerns. This would also help ensure that Internet safety remains on the agenda.

Q. Lastly, the theme for Safer Internet Day in 2014 is “Let’s Create a Better Internet Together.” Will you be doing anything special to mark the day?

A. We plan to release the first part of our report on the qualitative work on kids’ perceptions of risk that I described earlier. But the findings are a secret till then! I will be in Brussels announcing the winner of the EC’s positive online content competition, of which I chair the jury. That’s a nice role—celebrating what’s good about the Internet for kids.

What is HTTPS?

January 21st, 2014 No comments

HTTP stands for Hypertext Transfer Protocol. It’s the language that is used to deliver information over the web, and it’s the first element you see in any URL.

Most web browsers (including Internet Explorer) use an encrypted protocol called Secure Sockets Layer (SSL) to access secure webpages. These pages use the prefix HTTPS. The “s” stands for secure.

If you’re just browsing the web and not entering any sensitive information, HTTP:// is just fine. However, on pages where you enter your password, credit card number, or other financial information, you should always look for the https:// prefix. If you don’t see the “s,” don’t enter any information that you want to keep secure.

For more information, see Privacy in Internet Explorer.

Antimalware Support for Windows XP and the January 2014 Security Bulletin Webcast and Q&A

January 17th, 2014 No comments

Today we’re publishing the January 2014 Security Bulletin Webcast Questions & Answers page.  We answered 16 questions in total, with the majority of questions focusing on the Dynamics AX bulletin (MS14-004), the update for Microsoft Word (MS14-001) and the re-release of the Windows 7 and Windows Server 2008 R2 updates provided through MS13-081.

We also wanted to point out a new blog from the Microsoft Malware Protection Center (MMPC) detailing support antimalware support for Windows XP beyond April 8, 2014. Although there will be no new security updates for Windows XP after this date, Microsoft will continue to  provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015.

We invite you to join us for the next scheduled webcast on Wednesday, February 12, 2014, at 11 a.m. PST (UTC -8), when we will go into detail about the February bulletin release and answer your bulletin deployment questions live on the air.

You can register to attend the webcast at the link below:

Date: Wednesday, February 12, 2014
Time: 11:00 a.m. PST (UTC -8)
Register:
Attendee Registration

I look forward to seeing you next month.

Thanks,

Dustin Childs
Group Manager, Response Communications
Microsoft Trustworthy Computing

Do I need anything besides Windows Defender?

January 16th, 2014 No comments

A reader asks:

If I have Windows Defender, do I need to buy anything else to protect my computer?

If your computer is running the Windows 8 operating system, Windows Defender will help protect you from viruses, spyware, and other malicious software. You don’t need to buy anything else. 

If your computer is running Windows 7, Windows Vista, or Windows XP, Windows Defender removes spyware, but to protect yourself from viruses, you’ll need to download antivirus software. You can purchase it from a third party, or you can download Microsoft Security Essentials for free.

More ways to protect against viruses and other malware

Run newer software. Advanced security technologies in modern operating systems are specifically designed to make it more difficult, more complex, more expensive, and therefore, less appealing to cybercriminals to exploit vulnerabilities.

Regularly install updates for all your software. Update your antivirus and antispyware programs, browsers (like Windows Internet Explorer), operating systems (like Windows), and word processing and other programs. Learn how to turn on automatic updating.

Make sure your firewall is turned on. A firewall will also help protect against viruses and hackers. Find out if your version of Windows has a built-in firewall.

For more information, see How to remove and avoid computer viruses.

Microsoft antimalware support for Windows XP

January 15th, 2014 No comments

Microsoft has announced the Windows XP end of support date of April 8, 2014. After this date, Windows XP will no longer be a supported operating system*. To help organizations complete their migrations, Microsoft will continue to provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015.

This does not affect the end-of-support date of Windows XP, or the supportability of Windows XP for other Microsoft products, which deliver and apply those signatures.

For enterprise customers, this applies to System Center Endpoint Protection, Forefront Client Security, Forefront Endpoint Protection and Windows Intune running on Windows XP. For consumers, this applies to Microsoft Security Essentials.

Our research shows that the effectiveness of antimalware solutions on out-of-support operating systems is limited. Running a well-protected solution starts with using modern software and hardware designed to help protect against today’s threat landscape.

Microsoft recommends best practices to protect your PC such as:

  • Using modern software that has advanced security technologies and is supported with regular security updates
  • Regularly applying security updates for all software installed
  • Running up-to-date anti-virus software.

Our goal is to provide great antimalware solutions for our consumer and business customers. We will continue to work with our customers and partners in doing so, and help our customers complete their migrations as Windows XP end of life approaches.

MMPC

* We've received some inquiries about what "no longer supported operating system" means. To clarify, this mean that, after April 8, 2014, Windows XP users will no longer receive new security updates, non-security hotfixes, free or paid assisted support options, or online technical content updates from Microsoft.

February 5, 2014: We’ve received several inquiries about the difference between security updates and antimalware signatures, as well as the Malicious Software Removal Tool (MSRT) for Windows XP. You can find answers to these questions and more on our Windows XP end of support page.

 

Categories: Uncategorized Tags:

Microsoft Security Advisory (2916652): Improperly Issued Digital Certificates Could Allow Spoofing – Version: 2.1

Revision Note: V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

Categories: Uncategorized Tags:

MS12-066 – Important : Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege (2741517) – Version: 1.4

Severity Rating: Important
Revision Note: V1.4 (January 15, 2014): Bulletin revised to announce a detection change in update 2687356 (a.k.a. 2687442). This is a detection change only. Customers who have already successfully updated their systems do not need to take any action. Note that update 2687356 is offered through Microsoft Update as update 2687442.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Office, Microsoft Communications Platforms, Microsoft Server software, and Microsoft Office Web Apps. The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user. clicks a specially crafted URL that takes the user to a targeted SharePoint site.

Categories: Uncategorized Tags:

MS12-050 – Important : Vulnerabilities in SharePoint Could Allow Elevation of Privilege (2695502) – Version: 2.2

Severity Rating: Important
Revision Note: V2.2 (January 15, 2014): Bulletin revised to announce a detection change in update 2596911. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.

Categories: Uncategorized Tags:

2916652 – Improperly Issued Digital Certificates Could Allow Spoofing – Version: 2.1

Revision Note: V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

Categories: Uncategorized Tags:

MS12-050 – Important: Vulnerabilities in SharePoint Could Allow Elevation of Privilege – Version: 2.2

Severity Rating: Important
Revision Note: V2.2 (January 15, 2014): Bulletin revised to announce a detection change in update 2596911. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.

Categories: Uncategorized Tags:

MS12-066 – Important: Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege – Version: 1.4

Severity Rating: Important
Revision Note: V1.4 (January 15, 2014): Bulletin revised to announce a detection change in update 2687356 (a.k.a. 2687442). This is a detection change only. Customers who have already successfully updated their systems do not need to take any action. Note that update 2687356 is offered through Microsoft Update as update 2687442.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Office, Microsoft Communications Platforms, Microsoft Server software, and Microsoft Office Web Apps. The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user. clicks a specially crafted URL that takes the user to a targeted SharePoint site.

Categories: Uncategorized Tags:

2916652 – Improperly Issued Digital Certificates Could Allow Spoofing – Version: 2.1

Revision Note: V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

Categories: Uncategorized Tags:

Vulnerabilities in SharePoint Could Allow Elevation of Privilege – Version: 2.2

Severity Rating: Important
Revision Note: V2.2 (January 15, 2014): Bulletin revised to announce a detection change in update 2596911. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.

Categories: Uncategorized Tags:

Vulnerability in HTML Sanitization Component Could Allow Elevation of Privilege – Version: 1.4

Severity Rating: Important
Revision Note: V1.4 (January 15, 2014): Bulletin revised to announce a detection change in update 2687356 (a.k.a. 2687442). This is a detection change only. Customers who have already successfully updated their systems do not need to take any action. Note that update 2687356 is offered through Microsoft Update as update 2687442.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Office, Microsoft Communications Platforms, Microsoft Server software, and Microsoft Office Web Apps. The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user. clicks a specially crafted URL that takes the user to a targeted SharePoint site.

Categories: Uncategorized Tags:

Microsoft Security Bulletin MS12-050 – Important – Version: 2.2

Severity Rating: Important
Revision Note: V2.2 (January 15, 2014): Bulletin revised to announce a detection change in update 2596911. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: This security update resolves one publicly disclosed and five privately reported vulnerabilities in Microsoft SharePoint and Windows SharePoint Services. The most severe vulnerabilities could allow elevation of privilege if a user clicks a specially crafted URL that takes the user to a targeted SharePoint site.

Categories: Uncategorized Tags:

Microsoft Security Bulletin MS12-066 – Important – Version: 1.4

Severity Rating: Important
Revision Note: V1.4 (January 15, 2014): Bulletin revised to announce a detection change in update 2687356 (a.k.a. 2687442). This is a detection change only. Customers who have already successfully updated their systems do not need to take any action. Note that update 2687356 is offered through Microsoft Update as update 2687442.
Summary: This security update resolves a publicly disclosed vulnerability in Microsoft Office, Microsoft Communications Platforms, Microsoft Server software, and Microsoft Office Web Apps. The vulnerability could allow elevation of privilege if an attacker sends specially crafted content to a user. clicks a specially crafted URL that takes the user to a targeted SharePoint site.

Categories: Uncategorized Tags:

Improperly Issued Digital Certificates Could Allow Spoofing – Version: 2.1

Revision Note: V2.1 (January 15, 2015): Advisory revised to announce a detection change in update 2917500. This is a detection change only. Customers who have already successfully updated their systems do not need to take any action.
Summary: Microsoft is aware of an improperly issued subordinate CA certificate that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. The subordinate CA certificate was improperly issued by the Directorate General of the Treasury (DG Trésor), subordinate to the Government of France CA (ANSSI), which is a CA present in the Trusted Root Certification Authorities Store. This issue affects all supported releases of Microsoft Windows. Microsoft is not currently aware of attacks related to this issue.

Categories: Uncategorized Tags: