Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   OS (Microsoft)  >   Windows DLL (Any) Vendors:   Microsoft
Microsoft Windows Includes Some Invalid Certificates
SecurityTracker Alert ID:  1027114
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Jun 4 2012
Original Entry Date:  Jun 4 2012
Impact:   Modification of authentication information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1; and prior service packs
Description:   A vulnerability was reported in Microsoft Windows. A remote user may be able to spoof code signing signatures.

The operating system includes some invalid intermediate certificates. The invalid certificates and their thumbprints are:

Microsoft Enforced Licensing Intermediate PCA: 2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70

Microsoft Enforced Licensing Intermediate PCA: 3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08

Microsoft Enforced Licensing Registration Authority CA (SHA1): fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97

The vulnerability is due to the certificate authorities and not the operating system itself.

Unauthorized digital certificates derived from these certificate authorities are being actively used in attacks.

Windows Mobile 6.x and Windows Phone 7 and 7.5 are also affected.

Impact:   A remote user may be able to spoof code signing signatures.
Solution:   The vendor has issued a fix (KB2718704), available via automatic update.

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   Configuration error

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC