Batu69 Posted September 25, 2015 Share Posted September 25, 2015 Redmond says malware could disguise as D-Link appsMicrosoft has recently patched Windows to block the code-signing key that D-Link recently leaked accidentally, explaining that malware might be using it to disguise as legitimate apps that can compromise computers running its operating system. We live in the era of leaks and hacks, and accidents such as the one that involved D-Link could expose our computers even more, unless tech companies treat such cases seriously and patch security holes as fast as possible. This time, it turns out that Microsoft was super-fast and updated its Certificate Trust List to block software that’s signed with D-Link’s private key that got leaked. Additionally, Microsoft has also updated this list to stop accepting three other keys that reached the web lately and which could also be used by malware creators to infiltrate into Windows computers. The key that D-Link accidentally published online expired in early September, but Microsoft warns that apps containing malware which were signed before this date can still land on a Windows computer unless the patch is applied. “Microsoft is aware of four digital certificates that were inadvertently disclosed by D-Link Corporation that could be used in attempts to spoof content. The disclosed end-entity certificates cannot be used to issue other certificates or impersonate other domains, but could be used to sign code. This issue affects all supported releases of Microsoft Windows,” the company says. What you need to do If the automatic updater of revoked certificates is enabled, you don’t have to move a single finger because your Windows system automatically gets the new list and blocks the new keys. The four digital certificates are valid for D-Link, Alpha Networks, Keebox, and TrendNet. Supported Windows versions are all protected now, including Vista, 7, 8, RT, 8.1, 10, Server 2008, Server 2012, and Windows Phone, both 8 and 8.1. Windows Server Technical Preview 3 need to install the update from Windows Update, Microsoft says. If you want to check whether the certificate has been successfully added to your Microsoft Untrusted Certificates list or not, launch Event Viewer from the Start menu, open the Application log and look for the following entry: Source: CAPI2 Level: Information Event ID: 4112 Description: Successful auto update of disallowed certificate list with effective date: Thursday, September 24, 2015 (or later). Source Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted September 25, 2015 Administrator Share Posted September 25, 2015 Never knew such automatic updating of list existed. Seems to work even on computers which have Windows Update disabled, atleast from what I can see. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.