Microsoft flamed over code signing certificate error

happygeek

Microsoft Security Advisory notices do not, as a rule, make the media sit up and take much notice, not least because they have become relatively commonplace over the years. Every now and then, though, one comes along that does grab some press attention. Take MSA 2718704, for example.

At first glance the advisory, issued on June 3rd under the expanded title "Unauthorized Digital Certificates Could Allow Spoofing", doesn't hold out much hope in the immediately interesting stakes. The interest becomes clear, however, once you realise that components of the Flame worm (as reported here on DaniWeb) were signed with a certificate that ultimately chained up to the Microsoft Root Authority via the Microsoft Enforced Licensing Intermediate PCA certificate authority. That exposed a potentially serious problem with such code-signing certificates: malware could be validated as if it were a genuine Microsoft product.

Following the exposure of the Flame worm, Microsoft started investigating and discovered that a weakness in an old cryptographic algorithm (the MD5 hash used when signing these certificates) could be exploited in such a way that certificates issued by the Microsoft Terminal Services licensing certification authority, whose intended use is limited to license server verification when authorising Remote Desktop services in the enterprise, could instead be used to sign code as Microsoft itself. Crucially, this required no access to Microsoft's internal PKI infrastructure, which exists precisely to prevent such abuse.

Of course, it's not just Flame that's the problem here: such unauthorised certificates could spoof content used for phishing, or even enable man-in-the-middle attacks against online banking. As such, Microsoft has released an emergency patch which revokes trust in a number of intermediate CA certificates across all supported releases of the Windows platform. Microsoft has also now discontinued issuing certificates usable for code signing via the Terminal Services activation and licensing process.
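As an added example (not code from the article, and not Microsoft's own tooling), the PowerShell script below checks the two things a Windows administrator would want to confirm after this advisory: that the distrusted Enforced Licensing certificates actually appear in the machine's Untrusted store once the emergency update is applied, and whether a given signed binary's Authenticode chain passes through one of those intermediates or relies on an MD5 signature anywhere. The sample file path and the subject-name pattern used to recognise the certificates are assumptions.

```powershell
# Added example, not code from the DaniWeb article or from Microsoft.
# Assumptions: the default sample file path, and that the distrusted certificates
# can be recognised by "Microsoft Enforced Licensing" in their subject or issuer.
param(
    [string]$FilePath = "$env:SystemRoot\System32\notepad.exe"   # assumed sample binary
)

# 1. Is the revocation in place? After the update the Enforced Licensing
#    certificates should sit in the machine's Untrusted ("Disallowed") store.
$distrusted = Get-ChildItem Cert:\LocalMachine\Disallowed |
    Where-Object { $_.Subject -like '*Microsoft Enforced Licensing*' }

if ($distrusted) {
    Write-Host 'Untrusted store contains the Enforced Licensing certificates:'
    foreach ($c in $distrusted) { Write-Host "  $($c.Subject)  [$($c.Thumbprint)]" }
} else {
    Write-Warning 'No Enforced Licensing certificates in the Untrusted store; the update may not be applied.'
}

# 2. Walk the Authenticode chain of the file and flag anything suspicious:
#    an Enforced Licensing element, an MD5 signature, or a per-element status.
$sig = Get-AuthenticodeSignature -FilePath $FilePath
if (-not $sig.SignerCertificate) {
    Write-Warning "$FilePath is not Authenticode-signed."
    return
}
Write-Host "Signature status for ${FilePath}: $($sig.Status) - $($sig.StatusMessage)"

$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$built = $chain.Build($sig.SignerCertificate)

foreach ($element in $chain.ChainElements) {
    $cert  = $element.Certificate
    $alg   = $cert.SignatureAlgorithm.FriendlyName
    $flags = @()
    if ($cert.Subject -like '*Microsoft Enforced Licensing*' -or
        $cert.Issuer  -like '*Microsoft Enforced Licensing*') { $flags += 'ENFORCED-LICENSING' }
    if ($alg -match 'md5') { $flags += 'MD5-SIGNED' }
    foreach ($s in $element.ChainElementStatus) { $flags += $s.Status }

    Write-Host "Subject : $($cert.Subject)"
    Write-Host "Issuer  : $($cert.Issuer)"
    Write-Host "SigAlg  : $alg"
    if ($flags.Count -gt 0) { Write-Host "FLAGS   : $($flags -join ' ')" }
    Write-Host ''
}

if (-not $built) {
    $reasons = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    Write-Warning "Chain did not build cleanly: $reasons"
}
```

Run it from an elevated PowerShell session and point `-FilePath` at any binary you want to vet. On a host where the Untrusted store still lacks the Enforced Licensing certificates the first check warns, which is exactly the state the emergency update corrects; a chain element flagged ENFORCED-LICENSING or MD5-SIGNED is the pattern described above and should not be trusted as Microsoft-signed code.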

LastMitch

Following the exposure of the Flame worm, Microsoft started investigating and discovered that a particular old crypto algorithm could be exploited in such a way as to enable certificates issued by the Microsoft Terminal Services licensing certification authority (for Remote Desktop services authorization in the enterprise) to be used to sign code as Microsoft itself without accessing the Microsoft internal PKI infrastructure which exists to prevent such abuse, rather than the intended use which is limited license server verification.

Microsoft really needs to improve their software, meaning enable security to prevent these strings of fakes. This can't keep happening.
