Microsoft releases certificate spoof fix for Windows XP, Server 2003

Summary:The company initially released protection against improper certificates issued by the French government certificate authority without support for XP and Server 2003, but have now come through.

On Monday of this week  Microsoft annouced measures take to respond  to the creation of an improper intermediate certificate authority (CA) by the CA for the government of France, and the use of that intermediate CA to sign fake certificates for domains in the google.com and other domains for which they had no authority.

Initially, Microsoft released countermeasures to protect users against any potential effects of these certificates —although none have been reported and the problem seems to have been contained — but they only released that protection for devices running supported editions of Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Phone 8 — not for Windows XP or Windows Server 2003. All support for Windows XP will end after Patch Tuesday this coming April, 2014. Support for Windows Server 2003 will extend into 2015.

Tonight, Microsoft released separate certificate protection for Windows XP and Windows Server 2003 users. The protection may be installed from Microsoft Update or downloaded from the Microsoft Download Center.

In their advisory on the issue Microsoft thanks Google's Adam Langley and the Google Chrome Security Team for bringing the incident to their attention and working with them on the response.

Topics: Security, Microsoft

About

Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.