Unauthorized Digital Certificates Could Allow Spoofing – Version: 1.1

Severity Rating:
Revision Note: V1.1 (June 13, 2012): Advisory revised to notify customers that Windows Mobile 6.x, Windows Phone 7, and Windows Phone 7.5 devices are not affected by the issue.
Summary: Microsoft is aware of active attacks using three unauthorized digital certificates derived by a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. This issue affects all supported releases of Microsoft Windows.

Leave a Reply