Security Advisor

Microsoft Issues Advisory To Block Spoofed Google and Yahoo SSL Certs

The update will prevent the spoofed certificates from being used in man-in-the-middle attacks.

Microsoft has released a security advisory today to block 45 sensitive secure sockets layer (SSL) certificates that have been unofficially issued by hackers.

Security Advisory 2982792, which Microsoft titled "Improperly Issued Digital Certificates Could Allow Spoofing," applies to all supported versions of Windows OS and Windows Server.

"Microsoft is aware of improperly issued SSL certificates that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks," read the security advisory. "The SSL certificates were improperly issued by the National Informatics Centre (NIC), which operates subordinate CAs [certificate authorities] under root CAs operated by the Government of India Controller of Certifying Authorities (CCA), which are CAs present in the Trusted Root Certification Authorities Store."

According to Microsoft, one of the subordinate certificate authorities had been manipulated to issue the 45 spoofed SSL certificates, all appearing to be legitimately originating from Google, Yahoo and one for, a cloud platform-as-a-service company. Some include,,, and, to name a few.

For those Windows 7, Vista, Windows Server 2008 and Windows Server 2008 R2 users with automatic updates enabled and all Windows 8/8.1/RT and Windows Server 2012/2012 R2 users, the update to the Certificate Trust List (CTL) will be automatically applied. Those without automatic updates enabled will not receive the CTL update and will have to either enable automatic updates to get the spoofed certificates added to the blocked list or manually install the update from here.

While Microsoft has said that there have been no known attacks pulled off with the blacklisted certificates, users on unprotected systems could have their traffic monitored by an attacker.

Even though no malicious actions were taken, security researcher Craig Young at Tripwire said today's advisory is a reminder that using public key infrastructures to authenticate certificates is a flawed system. "The system we use for securing Web sites is based on the network of trusted certificate authorities and subordinate authorities," said Young in an e-mailed statement. "When any one of these authorities is controlled by someone with malicious intentions it's possible to impersonate services such as web sites, email, and file transfer. The malicious possibilities are limitless."

Young said it may be worth looking into a system similar to how the Gmail app for Android functions, in which software can only accept "pinned" certificates instead of issuing new certificates (which will continue to be targeted by attackers). However, Young acknowledged that, given how the Web is currently set up, this would not be practical.

About the Author

Chris Paoli is the site producer for and

