Jump to content

Microsoft Blocks D-Link's Leaked Code-Signing Key in All Versions of Windows


Batu69

Recommended Posts

Redmond says malware could disguise as D-Link apps

Microsoft has recently patched Windows to block the code-signing key that D-Link recently leaked accidentally, explaining that malware might be using it to disguise as legitimate apps that can compromise computers running its operating system.

We live in the era of leaks and hacks, and accidents such as the one that involved D-Link could expose our computers even more, unless tech companies treat such cases seriously and patch security holes as fast as possible.

This time, it turns out that Microsoft was super-fast and updated its Certificate Trust List to block software that’s signed with D-Link’s private key that got leaked.

Additionally, Microsoft has also updated this list to stop accepting three other keys that reached the web lately and which could also be used by malware creators to infiltrate into Windows computers.

The key that D-Link accidentally published online expired in early September, but Microsoft warns that apps containing malware which were signed before this date can still land on a Windows computer unless the patch is applied.

“Microsoft is aware of four digital certificates that were inadvertently disclosed by D-Link Corporation that could be used in attempts to spoof content. The disclosed end-entity certificates cannot be used to issue other certificates or impersonate other domains, but could be used to sign code. This issue affects all supported releases of Microsoft Windows,” the company says.

What you need to do

If the automatic updater of revoked certificates is enabled, you don’t have to move a single finger because your Windows system automatically gets the new list and blocks the new keys. The four digital certificates are valid for D-Link, Alpha Networks, Keebox, and TrendNet.

Supported Windows versions are all protected now, including Vista, 7, 8, RT, 8.1, 10, Server 2008, Server 2012, and Windows Phone, both 8 and 8.1. Windows Server Technical Preview 3 need to install the update from Windows Update, Microsoft says.

If you want to check whether the certificate has been successfully added to your Microsoft Untrusted Certificates list or not, launch Event Viewer from the Start menu, open the Application log and look for the following entry:


Source: CAPI2
Level: Information
Event ID: 4112
Description: Successful auto update of disallowed certificate list with effective date: Thursday, September 24, 2015 (or later).

Source

Link to comment
Share on other sites


  • Replies 1
  • Views 1.4k
  • Created
  • Last Reply
  • Administrator

Never knew such automatic updating of list existed. Seems to work even on computers which have Windows Update disabled, atleast from what I can see.

Link to comment
Share on other sites


Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...