U-182: Microsoft Windows Includes Some Invalid Certificates

June 4, 2012 - 7:00am

PROBLEM:

A vulnerability was reported in Microsoft Windows. A remote user may be able to spoof code-signing signatures.

PLATFORM:

Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs

ABSTRACT:

The operating system includes some invalid intermediate certificates. The vulnerability lies in the certificate authorities rather than in the operating system itself.

Reference Links:

Security tracker ID 1027114
GENERIC-MAP-NOMATCH
Vendor Advisory

IMPACT ASSESSMENT:

High

Discussion:

The invalid certificates and their thumbprints are:

Microsoft Enforced Licensing Intermediate PCA: 2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70
Microsoft Enforced Licensing Intermediate PCA: 3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08
Microsoft Enforced Licensing Registration Authority CA (SHA1): fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97

Unauthorized digital certificates derived from these certificate authorities are being actively used in attacks.

Impact:

Modification of authentication information

Solution:

The vendor has issued a fix (KB2718704), available via automatic update.
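A defender's check for the certificates listed under Discussion and the fix named above, added here and not part of the original bulletin or of the vendor's update: the script looks for the three thumbprints in the local certificate stores and checks whether KB2718704 is installed. It assumes the update works by placing these certificates in the Untrusted Certificates (Disallowed) store, so a thumbprint not found there is reported as not yet blocked.

```powershell
# Thumbprints exactly as printed in the bulletin; normalised below to the
# spaceless upper-case form used by the .Thumbprint property.
$BulletinCerts = @(
    @{ Name  = 'Microsoft Enforced Licensing Intermediate PCA'
       Thumb = '2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70' },
    @{ Name  = 'Microsoft Enforced Licensing Intermediate PCA'
       Thumb = '3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08' },
    @{ Name  = 'Microsoft Enforced Licensing Registration Authority CA (SHA1)'
       Thumb = 'fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97' }
)
function ConvertTo-Thumbprint([string]$Spaced) {
    # "2a 83 ... 70" -> "2A83...70"
    return ($Spaced -replace '\s', '').ToUpperInvariant()
}
# Disallowed is where the fix is assumed to place the certificates (assumption,
# see lead-in); the other stores are where a copy would still be usable for chain building.
$Stores = 'Disallowed', 'Root', 'AuthRoot', 'CA'
function Get-BulletinCertStatus {
    foreach ($cert in $BulletinCerts) {
        $thumb = ConvertTo-Thumbprint $cert.Thumb
        $locations = @()
        foreach ($store in $Stores) {
            foreach ($scope in 'LocalMachine', 'CurrentUser') {
                $path = "Cert:\$scope\$store"
                if ((Test-Path $path) -and (Get-ChildItem $path -ErrorAction SilentlyContinue |
                        Where-Object { $_.Thumbprint -eq $thumb })) {
                    $locations += "$scope\$store"
                }
            }
        }
        [PSCustomObject]@{
            Name       = $cert.Name
            Thumbprint = $thumb
            FoundIn    = ($locations -join ', ')
            # Blocked only when some copy sits in a Disallowed store.
            Blocked    = [bool]($locations -like '*\Disallowed')
        }
    }
}
$results = Get-BulletinCertStatus
$results | Format-Table -AutoSize
# Get-HotFix -Id is an independent second signal that the update is installed.
$fix = Get-HotFix -Id KB2718704 -ErrorAction SilentlyContinue
if ($fix -and -not ($results | Where-Object { -not $_.Blocked })) {
    Write-Output 'KB2718704 installed and all three certificates are in the Untrusted store.'
} else {
    Write-Output 'Not fully mitigated: install KB2718704 and re-check the Untrusted store.'
}
```

Intermediate certificates are normally delivered in the signed object's chain rather than stored locally, so an empty FoundIn column with Blocked = False means the fix has not been applied, not that the system is safe.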