Microsoft confirms that it will remove all DigiNotar certificates from CTL

Sep 6, 2011 10:26 GMT  ·  By

Fraudulent DigiNotar certificates, first seen in attacks against users of Google.com web properties, were also found to have been issued for *.microsoft.com, *.windowsupdate.com and www.update.microsoft.com. Microsoft, along with other companies, including browser vendors, reacted quickly to the problem by removing DigiNotar certificates from their products.

Microsoft Security Advisory 2607712 was released on August 29, 2011, when the company removed two DigiNotar root certificates from the Certificate Trust List (CTL).

The software giant is now going a step further: once the update ships, Internet Explorer users will be denied access to any website presenting a certificate that chains to DigiNotar, for their own protection.

“We are in the process of moving all DigiNotar owned or managed Certificate Authorities to the Untrusted Certificate Store, which will deny access to any websites using DigiNotar certificates. Microsoft is preparing to release an update to implement these protections,” revealed Dave Forstrom, director of Microsoft Trustworthy Computing.
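An administrator can verify the effect of that change on a given machine. The following PowerShell script is an added example, not Microsoft's code or part of the advisory: it lists every certificate in the common trust stores whose subject or issuer names DigiNotar and flags any that are still in a trusted store without a matching entry in the Untrusted (Disallowed) store. It assumes an elevated prompt on Windows and uses the built-in Cert: drive; the certificate file name in the closing comment is an assumption.

```powershell
# Added example (not from the advisory): locate DigiNotar CA certificates in the
# Windows certificate stores and report whether each one is still trusted.
# After the update described above, DigiNotar roots should sit in the Disallowed
# ("Untrusted Certificates") store, which makes chain building fail for every
# leaf certificate issued under them.
# Assumption: run from an elevated PowerShell prompt on Windows.

$pattern = 'DigiNotar'

$stores = @(
    'Cert:\LocalMachine\Root',        # Trusted Root Certification Authorities
    'Cert:\LocalMachine\AuthRoot',    # Third-party roots delivered via Windows Update
    'Cert:\LocalMachine\CA',          # Intermediate Certification Authorities
    'Cert:\LocalMachine\Disallowed',  # Untrusted Certificates
    'Cert:\CurrentUser\Root',
    'Cert:\CurrentUser\Disallowed'
)

$hits = foreach ($store in $stores) {
    if (-not (Test-Path $store)) { continue }
    Get-ChildItem -Path $store |
        Where-Object { $_.Subject -match $pattern -or $_.Issuer -match $pattern } |
        ForEach-Object {
            [pscustomobject]@{
                Store      = $store
                Subject    = $_.Subject
                Thumbprint = $_.Thumbprint
                NotAfter   = $_.NotAfter
            }
        }
}

if (-not $hits) {
    Write-Output "No certificate matching '$pattern' found in the inspected stores."
} else {
    $hits | Format-Table -AutoSize
}

# A match in a Root, AuthRoot or CA store with no counterpart (same thumbprint)
# in a Disallowed store is still trusted on this machine.
$disallowed = $hits |
    Where-Object { $_.Store -like '*Disallowed*' } |
    Select-Object -ExpandProperty Thumbprint

$stillTrusted = $hits |
    Where-Object { $_.Store -notlike '*Disallowed*' -and $disallowed -notcontains $_.Thumbprint }

if ($stillTrusted) {
    Write-Warning "DigiNotar CA certificates still trusted (no Disallowed entry):"
    $stillTrusted | Format-Table -AutoSize
}

# To apply the same protection by hand (for example on a machine that cannot
# reach Windows Update), import the root certificate into the Disallowed store;
# Windows then refuses to build a chain through it. The file name is an assumption:
#   certutil -addstore -f Disallowed .\diginotar-root.cer
```

Matching on the subject and issuer name rather than on hard-coded thumbprints keeps the check independent of which specific DigiNotar roots a given Windows build shipped; the Disallowed-store comparison is what tells you whether the update has actually taken effect.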

A fraudulently issued certificate can be used by attackers for man-in-the-middle attacks against any browser that still trusts the issuing CA, IE included, as well as to spoof content and to serve phishing pages that pass as the genuine site.

Essentially, all traffic between the victim's computer and the impersonated server can then be read or altered. But the man-in-the-middle position is the prerequisite: the certificate alone gives the attacker nothing unless they share the victim's network, control the network infrastructure between client and server, or control a DNS server that the victim's machine resolves against.

“Microsoft is offering the update to customers worldwide in order to protect them from this breach. At the explicit request of the Dutch government, Microsoft will delay deployment of this update in the Netherlands for one week to give the government time to replace certificates. Dutch customers who wish to install the update can do so by manually visiting Windows Update or following the instructions available at www.microsoft.nl once the security update is released worldwide,” Forstrom added.