-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Reference: CERT-EU Security Advisory 2012-0067 Title: Vulnerability in Microsoft Certificate Authority[1] Version history: 04.06.2012 Initial publication Summary and Potential impact ============================ Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. Vulnerable Systems ================== This issue affects all supported releases of Microsoft Windows. What can you do? ================ Fixes are available that revoke the trust of the following intermediate CA certificates: * Microsoft Enforced Licensing Intermediate PCA (2 certificates) * Microsoft Enforced Licensing Registration Authority CA (SHA1) What to tell your users? ======================== N/A More information ================ [1] Microsoft Security Advisory 2718704 - http://technet.microsoft.com/security/advisory/2718704 Best regards, CERT-EU Pre-configuration Team (http://cert.europa.eu) Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu PGP KeyID 0x46AC4383 FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383 Privacy Statement: http://cert.europa.eu/cert/plainedition/en/cert_privacy.html (DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source . Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJPzHgcAAoJEPpzpNLI8SVoZCcP/RuLHqxZgV2qTrE0FjR3gpWw oaVNGeLscZ9j3eoUmao2JQ0iVl2fqPj0hYobXVs+sG3CdvkbiCLeHLhEjW/Qm6N8 Uh+Rtp1YePTX7d02vorX/Zf91gEU14dsZSFmA556yqWERlWugLOiT8erdVML9gkd YRJxeohhh0J3PID3Qe+RV/JPjbwZYg3WskX/tWmC1yckdp1r0PpusjIIo6AiTVNT c9wYLN+6SkXQiKvCTamSqinhnemOLCeyS3FvMqatSMyMBS/DIfl15mnfG8GYjp01 PJ+lAsdDQ7DJwxgKUfKMo4p6xnpQYjVzj5HDhc2Ji0XyHsglNdLq1bunoZV3v43g puTvI4g5Nb4HeMXdVsk8dkf52bpasN9YsMf+xlKtwanW4rUduDEP+MtEUBDxlFGC NszLSYTITuTVEb2rBpQXfTGY8SKGRuU0/S3tnycioiQ09nhUnTMhcc25RC9piMN9 mOHBMsH7Rtw5zhoP5JkJqM17Gpi32n/hbblVI01m6VaMfNCvUaOA7oMDFNpGSbgf o3DGbOSiwTCrpqSW+xRqdcHsprr2pC/CNu67sRS8z3Lq9ARoQ0yqORSc8vTi/S9l UWGMfRhofWtLk2BfktzCgQjfmD9tXlFsbrUenSQJPNxFdwgBA0B/6kfucbK4GVd2 8bh0VwF2q0zC8ER3sbGw =Auh/ -----END PGP SIGNATURE-----