
Microsoft has revoked a security certificate which it said was "improperly issued."
The company said in a security advisory Monday that the certificate, issued for the Finnish "live.fi" domain, could be used to "spoof content, perform phishing attacks, or perform man-in-the-middle attacks."
It also warned that the certificate affects every version of Windows.
However, devices running Windows 8 and Windows Phone 8 and later (including Windows Server 2012 and later) should revoke the certificate automatically.
But reports later following the announcement downplayed the risks in this particular case.
The security certificate, which encrypts data from Windows devices to Microsoft's servers, was issued by Comodo after an unauthorized person was able to register an email account on the "live.fi" domain using a "privileged" username.
That person used an email address, such as "hostmaster" and "administrator" -- which are generally unavailable to the public -- to go on to create the certificate.
But a later report said the person in question alerted both Microsoft and Finnish authorities [Finnish] but was ignored. According to Finnish online publication Tivi, after the person registered the email address, they began to receive automated sensitive messages.
The person said Microsoft was reportedly be slow to respond -- allegedly four to six weeks later -- by blocking the email account.
We reached out to Microsoft but did not immediately hear back.
Join Discussion