Microsoft has issued a security advisory warning users of fraudulent digital certificates that could be used for spoofing and phishing attacks. Nine fraudulent certificates were signed by Comodo Inc. on behalf of a third party without sufficiently validating its identity. Comodo Inc. is a certification authority present in the Trusted Root Certification Authorities Store on all supported versions of Microsoft Windows.
Since digital certificates are used to verify the authenticity of a website, the fraudulent certificates could be used to perform phishing attacks, man-in-the-middle attacks, and content spoofing against users of any Web browser. The certificates are known to affect several Web properties: login.live.com, mail.google.com, www.google.com, login.yahoo.com (three certificates), login.skype.com, addons.mozilla.org, and one issued under the name "Global Trustee". The certificates were issued through a breached registration authority (RA), so the applicant was never properly authenticated. Comodo traced the attacker's IP address to Tehran, Iran, and has suggested the attack may have been state sponsored.
According to the advisory, Comodo Inc. revoked the fraudulent certificates last week and listed them in its current Certificate Revocation List (CRL). In addition, browsers with Online Certificate Status Protocol (OCSP) checking enabled will query Comodo's responder when validating one of these certificates and block it as revoked. The caveat for practitioners is that most clients soft-fail revocation checks: if the CRL or OCSP responder cannot be reached, the certificate is accepted anyway, and an attacker already positioned for a man-in-the-middle attack can simply block that lookup. Revocation alone is therefore not a complete fix, which is why an explicit client-side untrust of the certificates matters as well.
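As an added example (not code from Comodo, Microsoft, or the advisory), the block below shows what a correct CRL check looks like and why the result "unknown" must never be collapsed into "good". It uses the Python `cryptography` library to construct a throwaway CA, issue two leaf certificates, revoke one of them in a signed CRL, and then evaluate each certificate against that CRL, against a CRL forged with a different key, and against a CRL past its nextUpdate. All names, keys, serials, and hostnames are constructed for the demonstration and are not the real certificates discussed above.

```python
from datetime import datetime, timedelta, timezone

from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.x509.oid import NameOID

# Everything below (CA, hostnames, serials, keys) is constructed for this
# example; none of it is a real Comodo, Microsoft, or Google certificate.


def _now():
    return datetime.now(timezone.utc)


def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def _key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


def make_ca(cn="Demo Issuing CA"):
    """Self-signed CA standing in for a real certification authority."""
    key, now = _key(), _now()
    cert = (x509.CertificateBuilder()
            .subject_name(_name(cn)).issuer_name(_name(cn))
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now - timedelta(days=1)).not_valid_after(now + timedelta(days=365))
            .add_extension(x509.BasicConstraints(ca=True, path_length=None), critical=True)
            .sign(key, hashes.SHA256()))
    return key, cert


def issue_leaf(ca_key, ca_cert, hostname):
    """End-entity certificate for `hostname`, signed by the CA."""
    key, now = _key(), _now()
    return (x509.CertificateBuilder()
            .subject_name(_name(hostname)).issuer_name(ca_cert.subject)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(now - timedelta(days=1)).not_valid_after(now + timedelta(days=90))
            .add_extension(x509.SubjectAlternativeName([x509.DNSName(hostname)]), critical=False)
            .sign(ca_key, hashes.SHA256()))


def build_crl(signing_key, ca_cert, revoked_serials, validity=timedelta(days=7)):
    """CRL naming `ca_cert` as issuer, signed with `signing_key` (normally the CA key)."""
    now = _now()
    builder = (x509.CertificateRevocationListBuilder()
               .issuer_name(ca_cert.subject).last_update(now).next_update(now + validity))
    for serial in revoked_serials:
        entry = x509.RevokedCertificateBuilder().serial_number(serial).revocation_date(now).build()
        builder = builder.add_revoked_certificate(entry)
    return builder.sign(signing_key, hashes.SHA256())


def _crl_next_update(crl):
    # next_update_utc exists in cryptography >= 42; older releases expose a naive next_update.
    nu = getattr(crl, "next_update_utc", None)
    if nu is None:
        nu = getattr(crl, "next_update", None)
        if nu is not None and nu.tzinfo is None:
            nu = nu.replace(tzinfo=timezone.utc)
    return nu


def revocation_status(cert, crl, issuer_cert, now=None):
    """Return 'good', 'revoked', or 'unknown'.

    'unknown' means the CRL cannot be trusted for this certificate (wrong
    issuer, bad signature, or stale). A client that treats 'unknown' as
    'good' is soft-failing, which is what a man-in-the-middle attacker who
    blocks the CRL download relies on.
    """
    now = now or _now()
    if crl.issuer != cert.issuer or crl.issuer != issuer_cert.subject:
        return "unknown"                      # CRL is not from this certificate's issuer
    if not crl.is_signature_valid(issuer_cert.public_key()):
        return "unknown"                      # forged or tampered CRL
    next_update = _crl_next_update(crl)
    if next_update is not None and now > next_update:
        return "unknown"                      # stale CRL: a fresh one may list more serials
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
        return "revoked"
    return "good"


def run_demo():
    """Exercise the outcomes; returns {scenario: status}."""
    ca_key, ca_cert = make_ca()
    fraudulent = issue_leaf(ca_key, ca_cert, "login.example.test")  # the cert the CA withdraws
    legitimate = issue_leaf(ca_key, ca_cert, "www.example.test")
    crl = build_crl(ca_key, ca_cert, [fraudulent.serial_number])
    forged_crl = build_crl(_key(), ca_cert, [])  # claims the CA's name, signed by someone else
    return {
        "fraudulent": revocation_status(fraudulent, crl, ca_cert),
        "legitimate": revocation_status(legitimate, crl, ca_cert),
        "forged_crl": revocation_status(fraudulent, forged_crl, ca_cert),
        "stale_crl": revocation_status(fraudulent, crl, ca_cert, now=_now() + timedelta(days=8)),
    }


if __name__ == "__main__":
    for scenario, status in run_demo().items():
        print(f"{scenario:12s} -> {status}")
```

The forged-CRL and stale-CRL scenarios both come back "unknown" even though neither lists the fraudulent serial; a client that maps "unknown" to "accept" would trust the fraudulent certificate in both cases, which is the soft-fail gap that an explicit untrust list closes.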
The issue affects users on all supported versions of Windows. Microsoft has released a critical update (KB2524375), available through Windows Update and from the Microsoft Download Center, that addresses it on all supported Windows versions. Vendors of all major browsers have also issued patches. More information about the update is in Microsoft Knowledge Base article KB2524375.