SystemPro News - 2001-03-23
this is an update on the issue of the invalid security certificate issued by
Verisign. Two certificate were issued to an unkonwn individual outside of
Microsoft. However, the certificate claimed to belong to "Microsoft
Corporation". I send email on this issue on March, 23rd. My original mail
is available in our news archive at
Recently, Microsoft has made a patch available to detect and block the
invalid certificate. To obtain it, please visit
This patch ensures your system connects to Verisign to retrieve the
"certificate revocation list". That list contains all certificates
revoked for whatever reason. As such, the patch not only solves the current
issue with the fraudulent "Microsoft" certificate but also potential
similiar security risks with other certificates.
Microsoft strongly recommends installing the patch on all systems (see
Microsoft link above for details).