Title

Microsoft Windows Fraudulent Digital Certificates Vulnerability (Cat II impact)

Discussion

Microsoft has released a security advisory to address multiple fraudulent digital certificates affecting supported releases of Microsoft Windows. A public key certificate (also known as a digital certificate or identity certificate) is an electronic document used to prove ownership of a public key. Microsoft is aware of unconstrained digital certificates from Dell Inc. for which the private keys were inadvertently disclosed. One of these unconstrained certificates could be used to issue other certificates, impersonate other domains, or sign code. In addition, these certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against Dell customers.

Check Content

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-64735

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.