Microsoft blacklists 'improperly issued' SSL certificate; affects all versions of Windows

Microsoft warned of "attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks," but reports quickly began to pin blame on the company.

Microsoft has revoked a security certificate which it said was "improperly issued."

The company said in a security advisory Monday that the certificate, issued for the Finnish "live.fi" domain, could be used to "spoof content, perform phishing attacks, or perform man-in-the-middle attacks."

It also warned that the certificate affects every version of Windows.

However, devices running Windows 8 and Windows Phone 8 and later (including Windows Server 2012 and later) should revoke the certificate automatically.

But reports following the announcement downplayed the risks in this particular case.

The security certificate, which encrypts data from Windows devices to Microsoft's servers, was issued by Comodo after an unauthorized person was able to register an email account on the "live.fi" domain using a "privileged" username.

That person used an email address with a username such as "hostmaster" or "administrator" -- names which are generally unavailable to the public -- to go on to create the certificate.

But a later report said the person in question alerted both Microsoft and Finnish authorities [Finnish] but was ignored. According to Finnish online publication Tivi, after the person registered the email address, they began to receive automated sensitive messages.

The person said Microsoft was reportedly slow to respond -- allegedly four to six weeks later -- by blocking the email account.

We reached out to Microsoft but did not immediately hear back.
