Security advisory: Fraudulent digital certificates could allow spoofing

Microsoft released a security advisory today warning about
fraudulent digital certificates that could be used to spoof content, perform
phishing attacks, or perform other exploits that could put you at risk.

The best way to protect yourself is to turn on Windows
automatic updating

What are digital certificates?

Digital certificates are used to verify the identity of a website.

We’re releasing this advisory because Comodo, a major
certification authority, informed Microsoft that several digital certificates
have been issued without sufficiently validating their identity. These
certificates could be used to spoof the identity of services and trick you into
trusting them.

Comodo has revoked these certificates, and they are listed
in Comodo’s current Certificate Revocation List (CRL). If your computer is up
to date, it will recognize that these certificates are invalid.

For more information:



About the Author
Eve Blakemore

Group Manager, Trustworthy Computing

Eve Blakemore is a Group Manager for Trustworthy Computing who delivers consumer guidance around the latest trends in security and privacy. Eve joined Microsoft in 1998 and has worked in corporate and field roles with Microsoft Learning, US Public Sector, Read more »

Join the conversation

  1. Anonymous

    I got a suspicious email supposedly from Hotmail live asking for my password, and other sensitive information. it says if i don't give it withing 2 weeks. i'll loose my account. is this real? i will not answer till i know more. but since there is no way to contact hotmail advisors, i am asking any of you.

  2. Anonymous

    @ elf McChristmas,

    Delete the email, that is a phishing email.

  3. Anonymous

    It's only true if you want it to be!

    What this means is if you want to fall for this scam by all means help yourself.

  4. Anonymous

    I continuously get them from my ISP and yet they tell me that their Certificate is up to date.  Not only do I get it with IE-9 but with Office Pro's 2010 Outlook.  Somethings screwy here it they are telling me they are up to date and Microsoft isn't picking it up.

  5. Anonymous

    Always check where it came from, elf.  And for the record with any known legit website, they should never ask for any sensitive info.  Everything you do on the Net is completely voluntary.  

  6. Anonymous

    That email you got is fake. Don't give them your password or any other information.

Comments are closed.