Fraudulent Digital Certificates Could Allow Spoofing – Version: 5.0

Severity Rating:
Revision Note: V5.0 (July 6, 2011): Announced the release of an update for Zune HD devices and moved Zune devices to the Non-Affected Devices table.
Summary: Microsoft is aware of nine fraudulent digital certificates issued by Comodo, a certification authority present in the Trusted Root Certification Authorities Store, on all supported releases of Microsoft Windows, Windows Mobile 6.x, Windows Phone 7, Microsoft Kin, and Zune HD devices. Comodo advised Microsoft on March 16, 2011 that nine certificates had been signed on behalf of a third party without sufficiently validating its identity. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.

Leave a Reply