SOFTWARE BUG FACTORY Microsoft has urged users to beware of potential cyber attacks following the discovery of a series of bogus SSL certificates in India.
Microsoft issued the warning via an advisory on its TechNet security website, telling users that the certificates could be used by hackers to spoof content and perform phishing and man-in-the-middle attacks.
"The SSL certificates were improperly issued by the National Informatics Centre (NIC), which operates subordinate CAs under root CAs operated by the Government of India Controller of Certifying Authorities (CCA), which are CAs present in the Trusted Root Certification Authorities Store," the advisory read.
"The subordinate CA has been misused to issue SSL certificates for multiple sites, including Google web properties. These SSL certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against web properties."
The issue affects all supported releases of Windows, though Microsoft has yet to see any clear evidence suggesting hackers are actively using the certificates. Microsoft said it is updating its Windows Certificate Trust List (CTL) to remove the bogus certificates and prevent future exploitation by hackers.
The advisory follows Microsoft's July Patch Tuesday in which the Redmond firm released six patches, two of which are listed as Critical fixes for vulnerabilities in its Windows operating system (OS) and Internet Explorer.
Revealed in a threat advisory, the patches fix vulnerabilities that Microsoft said could be used by hackers to mount remote code execution attacks.
The July Patch Tuesday update also included three Important Windows fixes and a single Moderate fix for a flaw in Windows Server. µ