Microsoft Security Advisory 2607712

Fraudulent Digital Certificates Could Allow Spoofing

Published: August 29, 2011 | Updated: September 19, 2011

Version: 5.0

General Information

Executive Summary

Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store. A fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.

Microsoft is continuing to investigate this issue. Based on preliminary investigation, Microsoft is providing a new update (KB2616676) on September 13, 2011 for all supported releases of Microsoft Windows that revokes the trust of the following DigiNotar root certificates by placing them into the Microsoft Untrusted Certificate Store:

  • DigiNotar Root CA
  • DigiNotar Root CA G2
  • DigiNotar PKIoverheid CA Overheid
  • DigiNotar PKIoverheid CA Organisatie - G2
  • DigiNotar PKIoverheid CA Overheid en Bedrijven
  • DigiNotar Root CA Issued by Entrust (2 certificates)
  • DigiNotar Services 1024 CA Issued by Entrust
  • DigiNotar Cyber CA Issued by GTE CyberTrust (3 certificates)

Recommendation. Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. Please see the Suggested Actions section of this advisory for more information.

Known Issues. Microsoft Knowledge Base Article 2616676 documents the currently known issues that customers may experience when installing this update. The article also documents recommended solutions for these issues.

Advisory Details

Issue References

For more information about this issue, see the following references:

Reference: Microsoft Knowledge Base Article 2616676

Affected Software and Devices

This advisory discusses the following software and devices.

Affected Software
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2*
Windows Server 2008 for x64-based Systems Service Pack 2*
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems and Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems and Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems and Windows Server 2008 R2 for x64-based Systems Service Pack 1*
Windows Server 2008 R2 for Itanium-based Systems and Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

*Server Core installation affected. This advisory applies to supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, whether or not installed using the Server Core installation option. For more information on this installation option, see the TechNet articles, Managing a Server Core Installation and Servicing a Server Core Installation. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options.

Non-Affected Devices
Windows Mobile 6.x
Windows Phone 7
Windows Phone 7.5

Frequently Asked Questions

Why was this advisory revised September 19, 2011?
Microsoft revised this advisory to announce the rerelease of the KB2616676 update. The rerelease is now cumulative and addresses a known issue described in Microsoft Knowledge Base Article 2616676 where the original KB2616676 update, on supported editions of Windows XP and Windows Server 2003 only, did not contain the digital certificates included in the KB2607712 and KB2524375 updates.

Customers of supported editions of Windows XP and Windows Server 2003 should apply the rereleased version of the KB2616676 update to be protected against the use of the fraudulent certificates as specified in this advisory. Customers of supported editions of Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 are not affected by this rerelease.

Note: The update will not be offered to customers of supported editions of Windows XP and Windows Server 2003 if the original KB2616676, KB2607712, and KB2524375 updates have all been applied previously, because the rerelease package is cumulative and contains all changes from these three update packages.

The majority of customers have automatic updating enabled and will not need to take any action because the rereleased KB2616676 update will be downloaded and installed automatically.

Is Windows Developer Preview affected by this issue?
Yes. The KB2616676 update is available for the Windows Developer Preview release. Customers of Windows Developer Preview are encouraged to apply the update to their systems. The update is only available on Windows Update.

Why was this advisory revised September 13, 2011?
Microsoft revised this advisory to announce the release of the KB2616676 update that addresses this issue. The update adds six additional DigiNotar root certificates that are cross signed by Entrust or GTE to the Microsoft Untrusted Certificate Store. The KB2616676 update replaces the KB2607712 update and also contains the previous five DigiNotar root certificates added to the Microsoft Untrusted Certificate Store by the KB2607712 update.

Although the KB2616676 update replaces the KB2607712 update, the KB2607712 update is not a prerequisite for the KB2616676 update. Regardless of whether or not the KB2607712 update has been applied, customers should apply the KB2616676 update to address the issue described in this advisory. Customers who apply the KB2616676 update do not need to apply the KB2607712 update.

Why was this advisory revised September 6, 2011?
Microsoft revised this advisory to announce the release of an update that addresses this issue. The update adds five DigiNotar root certificates to the Microsoft Untrusted Certificate Store. Typically no action is required of customers to install this update, because the majority of customers have automatic updating enabled and this update will be downloaded and installed automatically. For customers who do not have automatic updating enabled, see Microsoft Knowledge Base Article 2607712 for information on how to manually apply the update.

On August 29, 2011, Microsoft removed the trust from one DigiNotar root certificate by updating the Microsoft CTL. Why is Microsoft releasing an update?
Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 use the Microsoft Certificate Trust List to validate the trust of a certification authority. Windows XP and Windows Server 2003 do not use the Microsoft Certificate Trust List to validate the trust of a certification authority. As a result, an update is needed for all editions of Windows XP and Windows Server 2003 to protect customers.

After the CTL update on August 29, 2011, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2 users who accessed a Web site that was signed by an untrusted DigiNotar root certificate would be presented with a warning message indicating that the trust of the certificate could not be verified. Users were allowed to click through this warning message to access the site.

In order to protect customers more comprehensively against possible man-in-the-middle attacks, Microsoft is releasing an update that takes additional measures to protect customers by completely preventing Internet Explorer users from accessing resources of Web sites whose certificates are signed by the untrusted DigiNotar root certificates. Internet Explorer users who apply this update will be presented with an error message when trying to access a Web site that has been signed by any of the DigiNotar root certificates listed above. These users will not be able to continue to access the Web site.

What does the KB2616676 update do?
On all supported releases of Microsoft Windows, the KB2616676 update adds eleven DigiNotar root certificates to the Microsoft Untrusted Certificate Store. In addition, the KB2616676 update also includes the certificates in the KB2524375 update that was released on July 6, 2011.

How will this update change the user experience when trying to access a Web site that has been encrypted with TLS and signed by an untrusted DigiNotar root certificate?
Internet Explorer users who try to access a Web site that has been signed by an untrusted DigiNotar root certificate will be prompted with an error message. Due to the fact that this certificate is located in the Microsoft Untrusted Certificate Store, Internet Explorer will not allow users to proceed to the Web site. The Web site will remain unavailable until the Web site certificate is replaced with a new certificate that is signed by a trusted root certificate.

After applying the update, how can I verify the certificates in the Microsoft Untrusted Certificates Store?
For information on how to view certificates, see the MSDN article, How to: View Certificates with the MMC Snap-in.

In the Certificates MMC snap-in, verify that the following certificates have been added to the Untrusted Certificates folder:

Certificate: DigiNotar Root CA
  Issued by:  DigiNotar Root CA
  Thumbprint: c0 60 ed 44 cb d8 81 bd 0e f8 6c 0b a2 87 dd cf 81 67 47 8c
  Update*:    KB2607712, KB2616676

Certificate: DigiNotar Root CA G2
  Issued by:  DigiNotar Root CA G2
  Thumbprint: 43 d9 bc b5 68 e0 39 d0 73 a7 4a 71 d8 51 1f 74 76 08 9c c3
  Update*:    KB2607712, KB2616676

Certificate: DigiNotar PKIoverheid CA Overheid
  Issued by:  Staat der Nederlanden Overheid CA
  Thumbprint: b5 33 34 5d 06 f6 45 16 40 3c 00 da 03 18 7d 3b fe f5 91 56
  Update*:    KB2607712, KB2616676

Certificate: DigiNotar PKIoverheid CA Organisatie - G2
  Issued by:  Staat der Nederlanden Organisatie CA - G2
  Thumbprint: 5d e8 3e e8 2a c5 09 0a ea 9d 6a c4 e7 a6 e2 13 f9 46 e1 79
  Update*:    KB2607712, KB2616676

Certificate: DigiNotar PKIoverheid CA Overheid en Bedrijven
  Issued by:  Staat der Nederlanden Overheid CA
  Thumbprint: 40 aa 38 73 1b d1 89 f9 cd b5 b9 dc 35 e2 13 6f 38 77 7a f4
  Update*:    KB2607712, KB2616676

Certificate: DigiNotar Root CA
  Issued by:  Entrust.net Secure Server Certification Authority
  Thumbprint: 86 e8 17 c8 1a 5c a6 72 fe 00 0f 36 f8 78 c1 95 18 d6 f8 44
  Update*:    KB2616676

Certificate: DigiNotar Root CA
  Issued by:  Entrust.net Secure Server Certification Authority
  Thumbprint: 36 7d 4b 3b 4f cb bc 0b 76 7b 2e c0 cd b2 a3 6e ab 71 a4 eb
  Update*:    KB2616676

Certificate: DigiNotar Services 1024 CA
  Issued by:  Entrust.net Secure Server Certification Authority
  Thumbprint: f8 a5 4e 03 aa dc 56 92 b8 50 49 6a 4c 46 30 ff ea a2 9d 83
  Update*:    KB2616676

Certificate: DigiNotar Cyber CA
  Issued by:  GTE CyberTrust Global Root
  Thumbprint: b8 6e 79 16 20 f7 59 f1 7b 8d 25 e3 8c a8 be 32 e7 d5 ea c2
  Update*:    KB2616676

Certificate: DigiNotar Cyber CA
  Issued by:  GTE CyberTrust Global Root
  Thumbprint: 2b 84 bf bb 34 ee 2e f9 49 fe 1c be 30 aa 02 64 16 eb 22 16
  Update*:    KB2616676

Certificate: DigiNotar Cyber CA
  Issued by:  GTE CyberTrust Global Root
  Thumbprint: 98 45 a4 31 d5 19 59 ca f2 25 32 2b 4a 4f e9 f2 23 ce 6d 15
  Update*:    KB2616676

*Certificate added to the Untrusted Certificates folder by these updates.

The KB2616676 update also includes the certificates in the KB2524375 update added to the Untrusted Certificates folder.
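The MMC procedure above can be scripted for fleet checks. The following PowerShell is an added example, not part of the advisory or of Microsoft's update: it reads the Untrusted Certificates store (the Disallowed store behind that MMC folder) and reports which of the eleven thumbprints from the table are present. It assumes Windows PowerShell 2.0 or later with the Cert: drive available.

```powershell
# Added example, not part of the advisory: confirm that the eleven DigiNotar
# certificates from the advisory table are present in the Windows Untrusted
# Certificates store ("Disallowed" in the Cert: provider).
# Assumes Windows PowerShell 2.0 or later with the Cert: drive.

# Thumbprints copied from the advisory table, in the spaced form it prints.
$DigiNotarThumbprints = @(
    'c0 60 ed 44 cb d8 81 bd 0e f8 6c 0b a2 87 dd cf 81 67 47 8c',  # DigiNotar Root CA
    '43 d9 bc b5 68 e0 39 d0 73 a7 4a 71 d8 51 1f 74 76 08 9c c3',  # DigiNotar Root CA G2
    'b5 33 34 5d 06 f6 45 16 40 3c 00 da 03 18 7d 3b fe f5 91 56',  # DigiNotar PKIoverheid CA Overheid
    '5d e8 3e e8 2a c5 09 0a ea 9d 6a c4 e7 a6 e2 13 f9 46 e1 79',  # DigiNotar PKIoverheid CA Organisatie - G2
    '40 aa 38 73 1b d1 89 f9 cd b5 b9 dc 35 e2 13 6f 38 77 7a f4',  # DigiNotar PKIoverheid CA Overheid en Bedrijven
    '86 e8 17 c8 1a 5c a6 72 fe 00 0f 36 f8 78 c1 95 18 d6 f8 44',  # DigiNotar Root CA (issued by Entrust)
    '36 7d 4b 3b 4f cb bc 0b 76 7b 2e c0 cd b2 a3 6e ab 71 a4 eb',  # DigiNotar Root CA (issued by Entrust)
    'f8 a5 4e 03 aa dc 56 92 b8 50 49 6a 4c 46 30 ff ea a2 9d 83',  # DigiNotar Services 1024 CA (issued by Entrust)
    'b8 6e 79 16 20 f7 59 f1 7b 8d 25 e3 8c a8 be 32 e7 d5 ea c2',  # DigiNotar Cyber CA (issued by GTE CyberTrust)
    '2b 84 bf bb 34 ee 2e f9 49 fe 1c be 30 aa 02 64 16 eb 22 16',  # DigiNotar Cyber CA (issued by GTE CyberTrust)
    '98 45 a4 31 d5 19 59 ca f2 25 32 2b 4a 4f e9 f2 23 ce 6d 15'   # DigiNotar Cyber CA (issued by GTE CyberTrust)
)

function ConvertTo-StoreThumbprint {
    # MMC shows "c0 60 ed ..."; the Cert: provider exposes "C060ED..." (no spaces, upper case).
    param([string]$Spaced)
    return ($Spaced -replace '\s', '').ToUpperInvariant()
}

function Test-DigiNotarDistrusted {
    # Returns the normalized thumbprints that are NOT found in any of the given stores.
    param(
        [string[]]$StorePaths = @('Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed')
    )
    $found = @{}
    foreach ($path in $StorePaths) {
        Get-ChildItem -Path $path -ErrorAction SilentlyContinue |
            ForEach-Object { if (-not $found.ContainsKey($_.Thumbprint)) { $found[$_.Thumbprint] = $path } }
    }

    $missing = @()
    foreach ($spaced in $DigiNotarThumbprints) {
        $tp = ConvertTo-StoreThumbprint -Spaced $spaced
        if ($found.ContainsKey($tp)) {
            Write-Host ('UNTRUSTED  {0}  ({1})' -f $tp, $found[$tp])
        } else {
            Write-Host ('MISSING    {0}' -f $tp)
            $missing += $tp
        }
    }
    return ,$missing
}

$missing = Test-DigiNotarDistrusted
if ($missing.Count -eq 0) {
    Write-Host 'All eleven DigiNotar certificates from the advisory are in the Untrusted Certificates store.'
} else {
    Write-Warning ('{0} certificate(s) missing; the rereleased KB2616676 update may not be applied.' -f $missing.Count)
    exit 1
}
```

A non-zero exit code makes the script usable from update-management or monitoring tooling; the per-line output mirrors what the MMC snap-in would show.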

What is the scope of the advisory?
The purpose of this advisory is to notify customers that Microsoft has confirmed at least one fraudulent certificate has been issued by DigiNotar and is being used in active attacks. Microsoft has issued an update for all supported releases of Microsoft Windows that addresses the issue.

What is cryptography?
Cryptography is the science of securing information by converting it between its normal, readable state (called plaintext) and one in which the data is obscured (known as ciphertext).

In all forms of cryptography, a value known as a key is used in conjunction with a procedure called a crypto algorithm to transform plaintext data into ciphertext. In the most familiar type of cryptography, secret-key cryptography, the ciphertext is transformed back into plaintext using the same key. However, in a second type of cryptography, public-key cryptography, a different key is used to transform the ciphertext back into plaintext.

What is a digital certificate?
In public-key cryptography, one of the keys, known as the private key, must be kept secret. The other key, known as the public key, is intended to be shared with the world. However, there must be a way for the owner of the key to tell the world who the key belongs to. Digital certificates provide a way to do this. A digital certificate is a tamperproof piece of data that packages a public key together with information about it - who owns it, what it can be used for, when it expires, and so forth.

What are certificates used for?
Certificates are used primarily to verify the identity of a person or device, authenticate a service, or encrypt files. Normally you won’t have to think about certificates at all. You might, however, see a message telling you that a certificate is expired or invalid. In those cases you should follow the instructions in the message.

What is a certification authority (CA)?
Certification authorities are the organizations that issue certificates. They establish and verify the authenticity of public keys that belong to people or other certification authorities, and they verify the identity of a person or organization that asks for a certificate.

What is a Certificate Trust List (CTL)?
A trust must exist between the recipient of a signed message and the signer of the message. One method of establishing this trust is through a certificate, an electronic document verifying that entities or persons are who they claim to be. A certificate is issued to an entity by a third party that is trusted by both of the other parties. So, each recipient of a signed message decides if the issuer of the signer's certificate is trustworthy. CryptoAPI has implemented a methodology to allow application developers to create applications that automatically verify certificates against a predefined list of trusted certificates or roots. This list of trusted entities (called subjects) is called a certificate trust list (CTL). For more information, please see the MSDN article, Certificate Trust Verification.

What caused the issue?
Microsoft is aware of active attacks using at least one fraudulent digital certificate issued by DigiNotar, a certification authority present in the Trusted Root Certification Authorities Store. A fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. While this is not a vulnerability in a Microsoft product, this issue affects all supported releases of Microsoft Windows.

What might an attacker use the vulnerability to do?
An attacker could use these certificates to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer.

What is a man-in-the-middle attack?
A man-in-the-middle attack occurs when an attacker reroutes communication between two users through the attacker’s computer without the knowledge of the two communicating users. Each user in the communication unknowingly sends traffic to and receives traffic from the attacker, all the while thinking they are communicating only with the intended user.

What is the procedure for revoking a certificate?
There is a standard procedure that should allow a certification authority to prevent revoked certificates from being accepted when they are used. Every certificate issuer periodically generates a certificate revocation list (CRL), which lists all the certificates that should be considered invalid. Every certificate should provide a piece of data called the CRL Distribution Point (CDP) that indicates the location where the CRL can be obtained.

An alternative way for Web browsers to validate the identity of a digital certificate is by using the Online Certificate Status Protocol (OCSP). OCSP allows interactive validation of a certificate by connecting to an OCSP responder, hosted by the Certificate Authority (CA) which signed the digital certificate. Every certificate should provide a pointer to the OCSP responder location through the Authority Information Access (AIA) extension in the certificate. In addition, OCSP stapling allows the Web server itself to provide an OCSP validation response to the client.

OCSP validation is enabled by default on Internet Explorer 7 and later versions of Internet Explorer on supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. On these operating systems, if the OCSP validation check fails, the browser will validate the certificate by retrieving the CRL from the location named in the certificate's CDP.

For more information on certificate revocation checking, see the TechNet article, Certificate Revocation and Status Checking.

What is a Certificate Revocation List (CRL)?
A CRL is a digitally signed list, issued by a CA, that contains the certificates issued by the CA and subsequently revoked by the CA. For each individual revoked certificate, the listing includes the serial number of the certificate, the date that the certificate was revoked, and the revocation reason. Applications can perform CRL checking to determine a presented certificate’s revocation status.

What is CRL Distribution Point (CDP)?
A CDP is a certificate extension that indicates where the certificate revocation list for a CA can be retrieved. It can contain zero, one, or more HTTP, file, or LDAP URLs.

What is Online Certificate Status Protocol (OCSP)?
OCSP is a protocol that allows real-time validation of a certificate’s status. Typically, an OCSP responder replies with the revocation status based on the CRL retrieved from the CA.
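To see the CDP, AIA and revocation-checking behaviour described in this section on a real certificate, the following PowerShell is an added example (not from the advisory): it extracts the CRL and OCSP responder URLs from the certificate's extensions and then has Windows build the chain with online revocation checking, which on these operating systems tries OCSP first and falls back to the CRL named in the CDP. It assumes Windows PowerShell and a certificate file; `$CertPath` is a placeholder for a file you choose.

```powershell
# Added example, not part of the advisory: report where a certificate points for
# revocation data (CDP -> CRL, AIA -> OCSP responder) and then build its chain
# with online revocation checking. Assumes Windows PowerShell; $CertPath is a
# placeholder for a DER or Base64 .cer file you want to examine.

$CertPath = '.\example-site-cert.cer'   # placeholder; no file of this name is named in the advisory

function Get-UrlsFromText {
    # Extension text rendered by Format($true) carries one "URL=<value>" line per location.
    param([string]$Text)
    $urls = @()
    foreach ($m in [regex]::Matches($Text, 'URL=(\S+)')) { $urls += $m.Groups[1].Value }
    return ,$urls
}

function Get-RevocationSources {
    # Reads the CDP (2.5.29.31) and AIA (1.3.6.1.5.5.7.1.1) extensions.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $cdpUrls = @(); $ocspUrls = @()
    foreach ($ext in $Cert.Extensions) {
        $text = $ext.Format($true)
        switch ($ext.Oid.Value) {
            '2.5.29.31' {                       # CRL Distribution Points
                $cdpUrls += Get-UrlsFromText -Text $text
            }
            '1.3.6.1.5.5.7.1.1' {               # Authority Information Access
                # AIA can hold both OCSP (1.3.6.1.5.5.7.48.1) and CA Issuers (1.3.6.1.5.5.7.48.2)
                # entries; keep only the OCSP ones.
                foreach ($segment in ($text -split 'Access Method=')) {
                    if ($segment -match '1\.3\.6\.1\.5\.5\.7\.48\.1') {
                        $ocspUrls += Get-UrlsFromText -Text $segment
                    }
                }
            }
        }
    }
    return @{ Cdp = $cdpUrls; Ocsp = $ocspUrls }
}

function Test-ChainWithRevocation {
    # Builds the chain with online revocation checking for every element. A root that sits in
    # the Untrusted Certificates store (as after KB2616676) makes Build() return $false, and
    # ChainStatus carries the reason; a revoked or unreachable-status certificate shows up the same way.
    param([string]$Path)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $Path
    $src = Get-RevocationSources -Cert $cert
    Write-Host "Subject   : $($cert.Subject)"
    Write-Host "Issuer    : $($cert.Issuer)"
    Write-Host "CDP URLs  : $($src.Cdp -join ', ')"
    Write-Host "OCSP URLs : $($src.Ocsp -join ', ')"

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    $chain.ChainPolicy.RevocationFlag = [System.Security.Cryptography.X509Certificates.X509RevocationFlag]::EntireChain
    $trusted = $chain.Build($cert)

    foreach ($el in $chain.ChainElements) {
        Write-Host ('  -> {0}  [{1}]' -f $el.Certificate.Subject, $el.Certificate.Thumbprint)
    }
    foreach ($st in $chain.ChainStatus) {
        Write-Host ('     status: {0} ({1})' -f $st.Status, $st.StatusInformation.Trim())
    }
    Write-Host ('Chain trusted: {0}' -f $trusted)
    return $trusted
}

Test-ChainWithRevocation -Path $CertPath
```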

What is Microsoft doing to help with resolving this issue?
Although this issue does not result from an issue in any Microsoft product, we have nevertheless updated the Certificate Trust List to remove the trust in the DigiNotar root certificate. Microsoft will continue to investigate this issue and may release a future update to protect customers.

How do I know if I’ve encountered an invalid certificate error?
When Internet Explorer encounters an invalid certificate, users are presented with a Web page that says, "There is a problem with this website’s security certificate." Users are encouraged to close the Web page and navigate away from the site when this warning message appears.

Users are only presented this message when the certificate is determined to be invalid, for instance when the user has Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP) validation enabled. OCSP validation is enabled by default on Internet Explorer 7 and later versions of Internet Explorer on supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

Suggested Actions

For supported releases of Microsoft Windows

The majority of customers have automatic updating enabled and will not need to take any action because the KB2616676 update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install the KB2616676 update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. For more information on how to manually apply the update, see Microsoft Knowledge Base Article 2616676.

Although the KB2616676 update replaces the KB2607712 update, the KB2607712 update is not a prerequisite for the KB2616676 update. Regardless of whether or not the KB2607712 update has been applied, customers should apply the KB2616676 update to address the issue described in this advisory. Customers who apply the KB2616676 update do not need to apply the KB2607712 update.

Additional Suggested Actions

  • Protect your PC

    We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. Customers can learn more about these steps by visiting Protect Your Computer.

    For more information about staying safe on the Internet, visit Microsoft Security Central.

  • Keep Microsoft Software Updated

    Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.

Other Information

Microsoft Active Protections Program (MAPP)

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections Web sites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.

Feedback

Support

  • Customers in the United States and Canada can receive technical support from Security Support. For more information about available support options, see Microsoft Help and Support.
  • International customers can receive support from their local Microsoft subsidiaries. For more information about how to contact Microsoft for international support issues, visit International Support.
  • Microsoft TechNet Security provides additional information about security in Microsoft products.

Disclaimer

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

  • V1.0 (August 29, 2011): Advisory published.
  • V2.0 (August 29, 2011): Revised to correct erroneous advisory number.
  • V3.0 (September 6, 2011): Revised to announce the release of an update that addresses this issue.
  • V4.0 (September 13, 2011): Revised to announce the release of the KB2616676 update that addresses the issue described in this advisory.
  • V4.1 (September 13, 2011): Revised to announce the availability of the KB2616676 update for the Windows Developer Preview release. See the Update FAQ in this advisory for more information.
  • V5.0 (September 19, 2011): Revised to announce the rerelease of the KB2616676 update. See the Update FAQ in this advisory for more information.
