Fixlet Request for Microsoft Security Advisory: 2798897

system · January 3, 2013, 10:16pm

(imported topic written by CSL2012)

Will a fixlet be provided for Microsoft Security Advisory 2798897? The advisory/patch was released (01/03/2013).

An update (KB2798897) for Microsoft Security Advisory: Fraudulent digital certificates could allow spoofing

Affected Software:

• Microsoft Windows XP

• Windows Server 2003

• Windows Vista

• Windows Server 2008

• Windows 7

• Windows Server 2008 R2

• Windows Server 2012

Summary:

Microsoft has released a Microsoft security advisory about this issue for IT professionals. This update is released for all supported versions of Microsoft Windows. This update revokes the trust of the following certificates by putting them in the Microsoft Untrusted Certificate Store:

•*.google.com issued by *.EGO.GOV.TR

• e-islem.kktcmerkezbankasi.org issued by TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri

•*.EGO.GOV.TR issued by TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri

This update replaces update 2728973.

More Information: http://support.microsoft.com/kb/2798897 & http://technet.microsoft.com/en-us/security/advisory/2798897

Thanks,

Chi

system · January 4, 2013, 10:33am

(imported comment written by TerryWeiChao)

Thanks Chi, got this. We are working on it and will release the content later today.

-Terry

system · January 4, 2013, 1:25pm

(imported comment written by TerryWeiChao)

Content in the Patches for Windows (English) has been modified:

New Fixlet Messages:

2798897: Fraudulent digital certificates could allow spoofing - Windows Vista SP2 / 2008 R2 Gold/SP1 / 2008 SP2 / 7 Gold/SP1 (x64) (ID: 279889711)

2798897: Fraudulent digital certificates could allow spoofing - Windows XP SP2 / 2003 SP2 (x64) (ID: 279889703)

2798897: Fraudulent digital certificates could allow spoofing - Windows 8 Gold / 2012 Gold (x64) (ID: 279889709)

2798897: Fraudulent digital certificates could allow spoofing - Windows XP SP3 / 2003 SP2 (ID: 279889701)

2798897: Fraudulent digital certificates could allow spoofing - Windows Vista SP2 / 2008 SP2 / 7 Gold/SP1 (ID: 279889707)

2798897: Fraudulent digital certificates could allow spoofing - Windows 8 Gold (ID: 279889705)

Fully Superseded Fixlet Messages:

2728973: Unauthorized Digital Certificates Could Allow Spoofing - Windows XP / 2003 (Superseded) (ID: 272897301)

2728973: Unauthorized Digital Certificates Could Allow Spoofing - Windows Vista / 7 / 2008 / 2008 R2 (Superseded) (ID: 272897303)

MS10-070: Vulnerability in ASP.NET Could Allow Information Disclosure - Microsoft .NET Framework 3.5 SP1 - Windows XP SP3 / Windows Server 2003 SP2 / Windows Vista SP2 / Windows Server 2008 SP2 (Superseded) (ID: 1007013)

MS10-070: Vulnerability in ASP.NET Could Allow Information Disclosure - Microsoft .NET Framework 3.5 SP1 - Windows XP SP2 / Windows Server 2003 SP2 Windows Vista SP1/SP2 / Windows Server 2008 Gold/SP2 (x64) (Superseded) (ID: 1007016)

Reason for Update:

Microsoft has released Security Advisory 2798897.

Actions to Take:

None

Published site version:

Patches for Windows (English), version 1700

Additional links:

None

Application Engineering Team

Tivoli Endpoint Manager

system · January 4, 2013, 1:46pm

(imported comment written by CSL2012)

Thank you. Happy New Year!!!

system · January 4, 2013, 1:55pm

(imported comment written by TerryWeiChao)

Happy New Year!