
SANS ISC: Microsoft Releases Diginotar Related Patch and Advisory SANS ISC InfoSec Forums

Microsoft Releases Diginotar Related Patch and Advisory

Microsoft released an advisory [1] earlier today announcing that they will place a number of DigiNotar root certificates on the "not trusted" list. 

A blog article further explains how certificate stores can be manipulated manually [2].

One important difference between this most recent advisory and an earlier advisory [3] is that Windows Mobile 6.x/7/7.5 is no longer listed as affected. The earlier advisory stated that Windows Mobile 6.x and 7 are affected; it did not mention Windows Mobile 7.5. (Thanks to a reader for pointing this out.)



Johannes B. Ullrich, Ph.D.
SANS Technology Institute



4307 Posts
ISC Handler
Sep 6th 2011
... And now that everybody is updated to Firefox v6.0.2, Chrome v13.0.782.220, and applied MS Security Advisory 2607712... updated, we're all comfy and ready to deal with this:

Sep. 6, 2011 AMSTERDAM (AP) — "A company that sells certificates guaranteeing the security of websites, GlobalSign, says it is temporarily halting the issuance of new certificates over concerns it may have been targeted by hackers..."

"It's a beautiful day in the neighborhood ..." - Mr. Rogers

160 Posts
You can download the update from here: - however, it requires Windows Genuine Advantage validation. Maybe they are hoping that people using pirated copies of Windows will get hacked?

35 Posts
You can also just delete the trusted certs from the cert store in Windows.

24 Posts
