Microsoft Security Advisory

Number: AV12-025
Date: 4 June 2012

Purpose

The purpose of this advisory is to bring your attention to a Microsoft Security Advisory and subsequent update patch addressing the revocation of a number of unauthorized Microsoft digital certificates.

Assessment

Microsoft has released the following advisory: Unauthorized Digital Certificates Could Allow Spoofing (2718704).

The advisory states that unauthorized digital certificates from a Microsoft Certificate Authority are used to spoof content, perform phishing or to perform man-in-the-middle attacks.

This issue affects all supported releases of Microsoft Windows.

It should be noted that the vast majority of users are not at risk and that the malware associated with this attack can be detected with most up to date antivirus.

The Microsoft update revokes the trust of the following intermediate CA certificates:

• Microsoft Enforced Licensing Intermediate PCA (2 certificates)
• Microsoft Enforced Licensing Registration Authority CA (SHA1)

Affected Software and Devices:

• Windows XP Service Pack 3
• Windows XP Professional x64 Edition Service Pack 2
• Windows Server 2003 Service Pack 2
• Windows Server 2003 x64 Edition Service Pack 2
• Windows Server 2003 with SP2 for Itanium-based Systems
• Windows Vista Service Pack 2
• Windows Vista x64 Edition Service Pack 2
• Windows Server 2008 for 32-bit Systems Service Pack 2
• Windows Server 2008 for x64-based Systems Service Pack 2
• Windows Server 2008 for Itanium-based Systems Service Pack 2
• Windows 7 for 32-bit Systems
• Windows 7 for 32-bit Systems Service Pack 1
• Windows 7 for x64-based Systems
• Windows 7 for x64-based Systems Service Pack 1
• Windows Server 2008 R2 for x64-based
• Windows Server 2008 R2 for x64-based Systems Service Pack 1
• Windows Server 2008 R2 for Itanium-based Systems
• Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
• Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
• Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
• Windows Server 2008 R2 for x64-based Systems (Server Core installation)
• Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)

Affected Devices*

• Windows Mobile 6.x
• Windows Phone 7
• Windows Phone 7.5

* There are currently no updates for the affected devices at this time.

References: 

• http://technet.microsoft.com/en-us/security/advisory/2718704
• http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx

Suggested action

CCIRC recommends that system administrators test and deploy the vendor-released update to affected applications accordingly. 

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) operates within Public Safety Canada, and works with partners inside and outside Canada to mitigate cyber threats to vital networks outside the federal government. These include systems that keep Canada's critical infrastructure functioning properly, such as the electrical grid and financial networks, or contain valuable commercial information that underpins our economic prosperity. CCIRC supports the owners and operators of systems of national importance, including critical infrastructure, and is responsible for coordinating the national response to any serious cyber security incident.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca