Xboxlive digital certificate private key is compromised, the user or the man in the middle attacks-vulnerability warning-the black bar safety net

ID MYHACK58:62201569970
Type myhack58
Reporter 佚名
Modified 2015-12-12T00:00:00


! Microsoft confirmed*Xboxlive. com domain name for the SSL/TLS digital certificate private key has been compromised, by the attacker is used to attempt to launch a MiTM attack, but the private key cannot be used to sign other certificates or code, or fake other domain names. Xboxlive certificate is included in all of the windows Support version, the influence range is very wide, but Microsoft currently has not found that the use of the private key attack of the case. Microsoft is updating the Certificate Trust list (CTL) to revoke the certificate of trust, I hope everyone can automatically receive undo Xboxlive SSL server certificate of the notification. Microsoft and no description has been how many people have seen the certificate, but do not wish the key has been used to launch attacks. ! In the face of this problem most Windows users have nothing to do, but Vista, windows 7, windows server 2 0 0 8, windows server 2 0 0 8 R2 users need to turn on the automatic certificate updates. For not open automatically to update the certificate user, you should use the MMC Certificate management console is compromised of the certificates added to the untrusted certificate list. In the application after the update, the user and how do you know this certificate in the untrusted certificates list? Certificate of withdrawal after confirmation For Turn on automatic updating of trusted certificate list Vista, windows 7, windows server 2 0 0 8, windows server 2 0 0 8 R2 System, windows 8, windows 8.1, windows RT, windows RT 8.1, windows server 2 0 1 2, windows server 2 0 1 2 R2, windows 1 0, windows 1 0 1 5 1 1 version of the system, the user can use the Event Viewer check the Application log the following fields: Source: CAPI2 Level: Information Event ID: 4 1 1 2 Description: Successful auto update of disallowed certificate list with effective date: Tuesday, December 1, 2 0 1 5 (or later). For there is no use to automatically update the certificate list of the system, to confirm the following this certificate has been added into the untrusted certificates list being: !