U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

Unauthorized Microsoft Digital Certificates

Original release date: June 04, 2012 | Last revised: October 23, 2012

Microsoft has released a security advisory to address the revocation of a number of unauthorized digital certificates. Maintaining these certificates within your certificate store may allow an attacker to spoof content, perform a phishing attack, or perform a man-in-the-middle attack.

The following certificates have been revoked by this update:

  • Microsoft Enforced Licensing Intermediate PCA (2 certificates)
  • Microsoft Enforced Licensing Registration Authority CA (SHA1)
Microsoft has provided an update to all support versions of Microsoft Windows to address this issue. Additional information can be found in Microsoft Security Advisory 2718704.

US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risk.

Update: For more information, please see US-CERT Technical Alert TA12-156A.

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top