Video Screencast Help

Please include update in PMImport

Created: 09 Jan 2013 • Updated: 09 Jan 2013 | 1 comment
manionr's picture
0 Agree
0 Disagree
0 0 Votes
Login to vote

PMImport does not include the following update suggested by Microsoft and vulnerable to active attacks.

 

KB2798897
Fraudulent Digital Certificates Could Allow Spoofing (2798897) Windows XP, Windows XP x64, Windows Server 2003, Windows Server 2003 x64, Windows 2003 Itanium,  Windows Vista, Windows Vista x64, Windows Server 2008, Windows Server 2008 x64, Windows Server 2008 Itanium, Windows 7, Windows 7 x64, Windows Server 2008 R2, Windows Server 2008 R2 for Itanium, Windows 8, Windows 8 x64, Windows Server 2012, Windows Phone 8 Microsoft is aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. 1 vulnerability addressed in this bulletin
 
What caused the issue? 
Microsoft became aware of active attacks using one fraudulent digital certificate issued by TURKTRUST Inc., which is a CA present in the Trusted Root Certification Authorities Store. TURKTRUST Inc. incorrectly created two subsidiary CAs (*.EGO.GOV.TR and e-islem.kktcmerkezbankasi.org). The *.EGO.GOV.TR was used to issue a fraudulent digital certificate to *.google.com. This fraudulent certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. 
 
What might an attacker do with these certificates? 
An attacker could use these certificates to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against several Google web properties. For example (full list available at the KB link): 
*.google.com
*.android.com
*.youtube.com
android.com
google-analytics.com
google.com
youtube.com
 
 
Known Issues. None
Microsoft is aware of active attacks -- Spoofing
Urgent - Apply to all affected endpoints within 4 weeks.
 

Comments 1 CommentJump to latest comment

AmolSontakke's picture

 

Hi All,

Support for KB-2798897 (http://support.microsoft.com/kb/2798897 ) is now available in PMImport version – x.x.1360.1 (PMS Environment 6.x, 7.0, 7.1).

Thanks & Regards,

Amol Sontakke

0
Login to vote