[Full-disclosure] Unauthorized Digital Certificates Could Allow Spoofing
juha-matti.laurio at netti.fi
Mon Jun 4 15:25:47 BST 2012
Certification path of the certificate that was used to sign WUSetupV.exe used by the Flame malware [pic]:
Shreyas Zare [shreyas at secfence.com] wrote:
> On Mon, Jun 4, 2012 at 7:21 PM, Georgi Guninski <guninski at guninski.com> wrote:
> > http://technet.microsoft.com/en-us/security/advisory/2718704
> > Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority.
> > what does this mean?
> > m$ inadvertently gave signing rights to lusers, they got rooted
> > or something else?
> Shreyas Zare
> Sr. Information Security Researcher
> Secfence Technologies
Full-Disclosure is hosted and sponsored by Secunia.