Microsoft has issued a security advisory that affects users of all currently supported versions of Windows, including Windows 8, Windows Phone, and Windows RT. Though no immediate action may be required from the user on select platforms, it is important to know what is happening as it relates to the improper issuance of SSL certificates, which Microsoft says "could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks."
Admittedly, the company says that no such attacks have been confirmed as a result of improperly issued certificates by the National Informatics Centre in India. However, "to help protect customers from potentially fraudulent use of this digital certificate, Microsoft is updating the Certificate Trust list (CTL) for all supported releases of Microsoft Windows to remove the trust of certificates that are causing this issue."
For most platforms, customers do not need to take any action and an automatic updater should take care of things.
An automatic updater of revoked certificates is included in supported editions of Windows 8, Windows 8.1, Windows RT, Windows RT 8.1, Windows Server 2012, and Windows Server 2012 R2, and for devices running Windows Phone 8 or Windows Phone 8.1. For these operating systems or devices, customers do not need to take any action because the CTL will be updated automatically.
For systems running Windows Vista, Windows 7, Windows Server 2008, or Windows Server 2008 R2 that are using the automatic updater of revoked certificates (see Microsoft Knowledge Base Article 2677070 for details), customers do not need to take any action because the CTL will be updated automatically.
Older systems should install the automatic updater and of course to stay up to date.
Thanks, Richard, for the tip.
You can read more about the security advisory from Microsoft's site.
We may earn a commission for purchases using our links. Learn more.