SOFTWARE HOUSE Microsoft has revoked 28 of its own certificates through a critical update issued as part of its Patch Tuesday release.
Microsoft, which had its Windows Update certificates forged as part of the Flame malware attack, has taken what one hopes is a proactive decision to revoke 28 of its own certificates. According to the firm the update will treat certificates using the RSA algorithm having keys less than 1024 bits long as invalid.
Gerardo Di Giacomo and Jonathan Ness of Microsoft's Security Response Center said that to its knowledge none of the 28 certificates it has revoked were compromised, adding, "This is a pre-emptive cleanup to ensure a high bar for any certificates owned by Microsoft."
Giacomo and Nessof said, "As a continuation of this effort, we reviewed a number of Microsoft digital certificates and found several which do not meet our standards for security practices. As an extra precautionary measure, we released Security Advisory 2728973 today to announce the availability of a Critical, non-security update that moves several of these certificates into the Untrusted Certificate Store."
The firm didn't go into much further detail about the specific certificates involved in its security advisory, referring to the vast majority as Microsoft Online Svcs. Microsoft has issued patches for all of its operating systems since 2002, including Windows XP and even Windows Server for Itanium processors. µ