XP Update to Remove Spoofed DigiNotar Certificates Coming Soon, Workaround Available

Users can manually delete the DigiNotar root from the root store

By on September 5th, 2011 15:29 GMT

DigiNotar is no longer a trusted root Certificate Authority on Microsoft’s Certificate Trust List (CTL) hosted on Microsoft Update, which means that Windows Vista and Windows 7 users running Internet Explorer are safe from potential attacks exploiting the fraudulent certificates.

However, because the mechanism for Windows XP is different, users of the decade-old operating system remain at risk from such attacks until Microsoft issues an update.

The Redmond company has already confirmed that in addition to the initial spoofed certificates for Google.com, it has also detected fraudulent certificates issued for .microsoft.com, .windowsupdate.com, www.update.microsoft.com.

The software giant has yet to share the specific release deadline of an update for Windows XP.

“We are currently preparing an update for Windows XP and Windows Server 2003 platforms which will add DigiNotar to our Untrusted Certificate Store. This update will be available soon,” noted Jonathan Ness, MSRC Engineering.

Cybercriminals can abuse spoofed certificates in spoofing or “man-in-the-middle” attacks, as has already happened to users of some Google sites. No attacks against users of Microsoft online properties have been confirmed thus far.

Customers who want to protect themselves until Microsoft offers an update can manually delete the DigiNotar root from the root store.

Users need to launch mmc (Microsoft Management Console) and click Add/Remove Snap-in on the File menu, Ness explained. They should select Certificates under Available snap-ins, and then click Add.

“Under This snap-in will always manage certificates for, click Computer account, and then click Next. Click Local computer, and click Finish. If you have no more snap-ins to add to the console, click OK. In the console tree, double-click Certificates. Double-click the Trusted Root Certification Authorities store and click on Certificates to view all certificates in the store,” Ness added.

Users will be able to see two DigiNotar Root CA certificates, and they can right-click both and remove them. In addition, it’s important for them to run “certutil -urlcache * delete” in order to clear any older cached CTL.
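The same cleanup can be scripted so an administrator can audit many machines and mirror what Microsoft’s pending update does (moving the roots to the Untrusted store rather than merely deleting them). This is an added example, not code from the article or from Microsoft; it assumes Windows with PowerShell and an elevated shell, matches the certificates by the string “DigiNotar” in the subject name, and the `-Audit` switch is this script’s own report-only mode.

```powershell
# Added example (not from the article): find DigiNotar CA certificates in the
# machine Trusted Root store, move each one to the Untrusted ("Disallowed")
# store, and flush the cached CTL. The .NET X509Store API is used instead of
# the Cert: drive because Remove-Item on Cert: is not supported in the
# PowerShell 2.0 available for Windows XP. Run from an administrator shell.
param([switch]$Audit)   # -Audit is this script's own switch: report only, change nothing

$rootStore = New-Object System.Security.Cryptography.X509Certificates.X509Store("Root", "LocalMachine")
$untrusted = New-Object System.Security.Cryptography.X509Certificates.X509Store("Disallowed", "LocalMachine")
$rootStore.Open("ReadWrite")
$untrusted.Open("ReadWrite")

# Match on the subject name (an assumption of this script) rather than a
# hard-coded thumbprint, so both DigiNotar Root CA certificates the article
# mentions are caught. @() forces an array even when only one cert matches.
$suspects = @($rootStore.Certificates | Where-Object { $_.Subject -match "DigiNotar" })

if ($suspects.Count -eq 0) {
    Write-Host "No DigiNotar roots present in LocalMachine\Root."
}

foreach ($cert in $suspects) {
    Write-Host ("Found: {0}  thumbprint={1}  expires={2}" -f $cert.Subject, $cert.Thumbprint, $cert.NotAfter)
    if (-not $Audit) {
        $untrusted.Add($cert)      # explicitly distrust it, as Microsoft's update will
        $rootStore.Remove($cert)   # and remove it from the trusted root store
        Write-Host "  -> moved to the Untrusted Certificates store"
    }
}

$rootStore.Close()
$untrusted.Close()

# Discard any cached Certificate Trust List so a stale CTL that still trusts
# DigiNotar is not reused; this is the certutil step the article describes.
if (-not $Audit) {
    & certutil -urlcache "*" delete
}
```

Run with `-Audit` first to list what would be changed; a second run without the switch performs the move and the cache flush.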
