Microsoft revokes 28 digital certificates

Posted on Wednesday, July 11 2012 @ 14:03 CEST by Thomas De Maesschalck
Five weeks after the software giant revoked certificates abused by the highly sophisticated Flame worm, Microsoft has now revoked 28 more certificates after discovering that some of them could be subject to similar attacks. Full details at Ars Technica.
Tuesday's revocation of 28 certificates is part of a much larger overhaul of Microsoft's cryptographic key management regimen that's designed to make it more resistant to abuse. The housecleaning follows last month's discovery that some of the company's trusted digital signatures were being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern countries. By forging the cryptographic imprimatur used to certify the legitimacy of Windows updates, Flame was able to spread from one computer to another inside an infected network.

Like the intermediate certificate authorities that Flame abused to hijack the Windows Update mechanism, at least some of the certificates Microsoft moved into its Untrusted Certificate Store on Tuesday contained code-signing permissions. An advisory characterized the purge as a "pre-emptive cleanup" and said there's no evidence any of the certificates have been abused or compromised.
