SystemPro News - 2001-03-23

Hello,

this is an update on the issue of the invalid security certificate issued by Verisign. Two certificate were issued to an unkonwn individual outside of Microsoft. However, the certificate claimed to belong to "Microsoft Corporation". I send email on this issue on March, 23rd. My original mail is available in our news archive at

http://www.windows-expert.net/newsletter-archive/2001-03-23.asp

Recently, Microsoft has made a patch available to detect and block the invalid certificate. To obtain it, please visit

http://www.microsoft.com/technet/security/bulletin/ms01-017.asp

This patch ensures your system connects to Verisign to retrieve the "certificate revocation list". That list contains all certificates revoked for whatever reason. As such, the patch not only solves the current issue with the fraudulent "Microsoft" certificate but also potential similiar security risks with other certificates.

Microsoft strongly recommends installing the patch on all systems (see Microsoft link above for details).

Sincerely,
Rainer Gerhards

 

Back to Non-Printer Version