Protect Your Windows Computer from Fraudulent Certificates

Wednesday, March 23, 2011
Today it was revealed that a serious security breach occurred at Comodo, a trusted certificate provider.  The breach appears to have come from Iran and several "high value certificates" were obtained.

These X.509 certificates include:
  • login.live.com
  • mail.google.com
  • www.google.com
  • login.yahoo.com (3 certificates)
  • login.skype.com
  • addons.mozilla.org
  • "Global Trustee"
To protect your Windows computer (PC or server) from trusting these high value certificates, download and install KB2524375 Microsoft Security Advisory: Fraudulent Digital Certificates could allow spoofing from Microsoft as soon as possible.  The installation takes only a minute and does not require a restart.

KB2524375 updates both the Computer's and User's Untrusted Certificates list to include the compromised certificates.

Here's what the list looks like before the update:


And here's what it looks like after the update:


Please take a minute to update your computers now.  This update is also being pushed out through Windows Update as I write this.