Microsoft flamed over code signing certificate error UserPageVisits:318 active 80 80 DaniWeb 561 60 2013-03-10T18:39:18+00:00 https://www.daniweb.com/hardware-and-software/microsoft-windows/news/424885/microsoft-flamed-over-code-signing-certificate-error

Microsoft flamed over code signing certificate error

happygeek

Microsoft Security Advisory notices do not, as a rule, make the media sit up and take much notice. Not least as they have become relatively commonplace over the years, but every now and then one comes along which may grab some press attention. Take MSA 2718704 for example.

dweb-microsoftflamed At first the advisory with the expanded title of "Unauthorized Digital Certificates Could Allow Spoofing" issued on June 3rd doesn't hold out much hope in the immediately interesting stakes. However, when you realise that components of the Flame worm (as reported here on DaniWeb) were signed with a certificate that ultimately 'chained up' to the Microsoft Root Authority via the Microsoft Enforced Licensing Intermediate PCA Certificate Authority, and exposed a potentially serious problem with such code-signing certificates that could enable malware code to be validated as a Microsoft product, the interest starts to become clear.

Following the exposure of the Flame worm, Microsoft started investigating and discovered that a particular old crypto algorithm could be exploited in such a away as to enable certificates issued by the Microsoft Terminal Services licensing certification authority (for Remote Desktop services authorization in the enterprise) to be used to sign code as Microsoft itself without accessing the Microsoft internal PKI infrastructure which exists to prevent such abuse, rather than the intended use which is limited license server verification.

Of course, it's not just Flame that's the problem here; such unauthorised certificates could spoof content used for phishing purposes or even man-in-the-middle banking attacks. As such Microsoft has released an emergency patch which revokes the trust of a number of intermediate CA certificates across all supported releases of the Windows platform. Microsoft has now discontinued issuing certificates usable for code signing via the Terminal Services activation and licensing process.

318 Views
About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to Forbes.com, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...

Member Avatar
LastMitch

Following the exposure of the Flame worm, Microsoft started investigating and discovered that a particular old crypto algorithm could be exploited in such a away as to enable certificates issued by the Microsoft Terminal Services licensing certification authority (for Remote Desktop services authorization in the enterprise) to be used to sign code as Microsoft itself without accessing the Microsoft internal PKI infrastructure which exists to prevent such abuse, rather than the intended use which is limited license server verification.

Microsoft really needs to improve their softwares meaning enable security prevent these strings of fake. This can't keep happening.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.19 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.