Microsoft certification authority signing certificates added to the Untrusted Certificate Store


Jonathan Ness

Today, we released Security Advisory 2718704, notifying customers that unauthorized digital certificates have been found that chain up to a Microsoft sub-certification authority issued under the Microsoft Root Authority. With this blog post, we’d like to dig into more technical aspects of this situation, potential risks to your enterprise, and actions you can take to protect yourself against any potential attacks that would leverage unauthorized certificates signed by Microsoft.  

We'd also like to share how this issue relates to a complex piece of targeted malware known as "Flame".  As many reports assert, Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk.  Additionally, most antivirus products will detect and remove this malware.  That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks.  Therefore, to help protect both targeted customers and those that may be at risk in the future, we are sharing our discoveries and taking steps to mitigate the risk to customers.

main page ATTRITION feedback