Microsoft releases certificate spoof fix for Windows XP, Server 2003

The company initially released protection against improper certificates issued by the French government certificate authority without support for XP and Server 2003, but have now come through.

On Monday of this week  Microsoft annouced measures take to respond  to the creation of an improper intermediate certificate authority (CA) by the CA for the government of France, and the use of that intermediate CA to sign fake certificates for domains in the google.com and other domains for which they had no authority.

Initially, Microsoft released countermeasures to protect users against any potential effects of these certificates —although none have been reported and the problem seems to have been contained — but they only released that protection for devices running supported editions of Windows Vista, Windows 7, Windows 8, Windows 8.1, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Phone 8 — not for Windows XP or Windows Server 2003. All support for Windows XP will end after Patch Tuesday this coming April, 2014. Support for Windows Server 2003 will extend into 2015.

Tonight, Microsoft released separate certificate protection for Windows XP and Windows Server 2003 users. The protection may be installed from Microsoft Update or downloaded from the Microsoft Download Center.

In their advisory on the issue Microsoft thanks Google's Adam Langley and the Google Chrome Security Team for bringing the incident to their attention and working with them on the response.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All