Emergency Windows update revokes dozens of bogus G...

Webroot's picture
Printer-friendly versionPrinter-friendly version
  • Float this Topic to the Top

Emergency Windows update revokes dozens of bogus Google, Yahoo SSL certificates

But users remain vulnerable to any fraudulent credentials not yet discovered.



Microsoft has issued an emergency update for most supported versions of Windows to prevent attacks that abuse recently issued digital certificates impersonating Google and Yahoo. Company officials warned undiscovered fraudulent credentials for other domains may still be in the wild.

Thursday's unscheduled update revokes 45 highly sensitive secure sockets layer (SSL) certificates that hackers managed to generate after compromising systems operated by the National Informatics Centre (NIC) of India. That's an intermediate certificate authority (CA) whose certificates are automatically trusted by all supported versions of Windows. Millions of sites operated by banks, e-commerce companies, and other types of online services use such cryptographic credentials to encrypt data passing over the open Internet and to prove the authenticity of their servers. As Ars explained Wednesday, the counterfeit certificates pose a risk to Windows users accessing SSL-protected sections of Google, Yahoo, and any other affected domains.

Copy this html code to your website/blog to embed this press release.


Post new comment

13 + 1 =

To prevent automated spam submissions leave this field empty.