The Inquirer-Home

Microsoft revokes 28 of its own certificates

The aftermath of Flame rages on
Wed Jul 11 2012, 17:31

SOFTWARE HOUSE Microsoft has revoked 28 of its own certificates through a critical update issued as part of its Patch Tuesday release.

Microsoft, which had its Windows Update certificates forged as part of the Flame malware attack, has taken what one hopes is a proactive decision to revoke 28 of its own certificates. According to the firm, the update will treat certificates that use the RSA algorithm with keys less than 1024 bits long as invalid.

Gerardo Di Giacomo and Jonathan Ness of Microsoft's Security Response Center said that, to Microsoft's knowledge, none of the 28 certificates it has revoked were compromised, adding, "This is a pre-emptive cleanup to ensure a high bar for any certificates owned by Microsoft."

Di Giacomo and Ness said, "As a continuation of this effort, we reviewed a number of Microsoft digital certificates and found several which do not meet our standards for security practices. As an extra precautionary measure, we released Security Advisory 2728973 today to announce the availability of a Critical, non-security update that moves several of these certificates into the Untrusted Certificate Store."

The firm didn't go into much further detail about the specific certificates involved in its security advisory, referring to the vast majority as Microsoft Online Svcs. Microsoft has issued patches for all of its operating systems since 2002, including Windows XP and even Windows Server for Itanium processors. µ

