Microsoft Warns Of Phony Windows Live Digital Certificate
Unauthorized SSL certificate for 'live.fi' could be used for man-in-the-middle, phishing attacks, Microsoft says.
Microsoft is now revoking and blacklisting a newly discovered phony SSL certificate for the domain 'live.fi' that could be used to spoof content and wage phishing and man-in-the-middle attacks, the software company said today. The 'live.fi' domain is a Windows Live domain.
Comodo, the certificate authority that inadvertently issued the phony cert, has revoked it. Microsoft says it's not aware of any attacks using the phony cert, which cannot be used to impersonate domains, sign code, or issue other certificates. All versions of Windows are affected, and automatic updates will pull the phony cert.
"A certificate was improperly issued due to a misconfigured privileged email account on the live.fi domain. An email account was able to be registered for the live.fi domain using a privileged username, which was subsequently used to request an unauthorized certificate for that domain," Microsoft said in a security advisory released late last night.
For details, see the Microsoft advisory here.
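The misconfiguration Microsoft describes can be guarded against at mailbox registration and audited afterwards. The following is an added example, not code from Microsoft, Comodo, or the advisory: it assumes the reserved names are the ones the CA/Browser Forum Baseline Requirements allow for e-mail domain validation plus a few RFC 2142 role names (the article does not say which username was used), and the domain `mail.example`, the sample accounts, and all function names are constructed for illustration.

```python
import unicodedata

# Local parts a CA may e-mail to validate domain control (CA/Browser Forum
# Baseline Requirements), plus selected RFC 2142 role names. Assumed policy
# list; extend it for your own mail service.
RESERVED_LOCAL_PARTS = frozenset({
    "admin", "administrator", "hostmaster", "postmaster", "webmaster",
    "abuse", "noc", "security",
})


def canonical_local_part(requested: str) -> str:
    """Fold case and compatibility forms, then drop any '+tag' sub-address."""
    folded = unicodedata.normalize("NFKC", requested).strip().casefold()
    return folded.split("+", 1)[0]


def is_reserved(requested: str) -> bool:
    """True if a self-service signup must not be allowed to take this name."""
    return canonical_local_part(requested) in RESERVED_LOCAL_PARTS


def audit_mailboxes(addresses, domain, staff_owned=frozenset()):
    """Return existing addresses on `domain` that hold a reserved name
    and are not in the allowlist of staff-owned (lower-case) addresses."""
    flagged = []
    for address in addresses:
        local, _, host = address.rpartition("@")
        if host.casefold() != domain.casefold():
            continue
        if is_reserved(local) and address.casefold() not in staff_owned:
            flagged.append(address)
    return flagged


# Constructed sample data, not taken from the incident.
SAMPLE_ACCOUNTS = [
    "alice@mail.example",
    "Hostmaster@mail.example",
    "postmaster@mail.example",
    "admin+tls@mail.example",
    "webmaster@other.example",
]

if __name__ == "__main__":
    for hit in audit_mailboxes(SAMPLE_ACCOUNTS, "mail.example",
                               staff_owned={"postmaster@mail.example"}):
        print("reserved name held by non-staff account:", hit)
```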