Unauthorized Microsoft Digital Certificates

Microsoft has released a security advisory to address the revocation of a number of unauthorized digital certificates. Maintaining these certificates within your certificate store may allow an attacker to spoof content, perform a phishing attack, or perform a man-in-the-middle attack.

The following certificates have been revoked by this update:

Microsoft Enforced Licensing Intermediate PCA (2 certificates)
Microsoft Enforced Licensing Registration Authority CA (SHA1)

Microsoft has provided an update to all support versions of Microsoft Windows to address this issue. Additional information can be found in Microsoft Security Advisory 2718704.

US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risk.

Update: For more information, please see US-CERT Technical Alert TA12-156A.

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.

Unauthorized Microsoft Digital Certificates

Please share your thoughts

Joint Guidance on Deploying AI Systems Securely

Citrix Releases Security Updates for XenServer and Citrix Hypervisor

CISA Adds One Known Exploited Vulnerability to Catalog

Juniper Releases Security Bulletin for Multiple Juniper Products

Unauthorized Microsoft Digital Certificates

Please share your thoughts

Related Advisories

Joint Guidance on Deploying AI Systems Securely

Citrix Releases Security Updates for XenServer and Citrix Hypervisor

CISA Adds One Known Exploited Vulnerability to Catalog

Juniper Releases Security Bulletin for Multiple Juniper Products