(imported topic written by CSL2012)
Can a fixlet be provided for Microsoft Security Advisory 2718704? This patch was released (6/03/2012).
An update (KB2718704) for the Unauthorized Digital Certificates Could Allow Spoofing
Affected Software:
• Microsoft Windows XP
• Windows Server 2003
• Windows Vista
• Windows 7
• Windows Server 2008
• Windows Server 2008 R2
Summary:
Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows. Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:
Microsoft Enforced Licensing Intermediate PCA (2 certificates)
Microsoft Enforced Licensing Registration Authority CA (SHA1)
More Information: http://technet.microsoft.com/en-us/security/advisory/2718704 & http://support.microsoft.com/kb/2718704
Thanks,
Chi S. Li