Microsoft Update "Un-Trusts" Bad Certificate Authority

SUBTITLE:  Security News
ACTION: Ensure Windows Updates Enabled

Google has recently discovered a problem with a Certificate Authority (CA) in India that has been improperly issuing SSL certificates. The risk from this practice is that a browser might believe a malicious website is a legitimate site.

The good news is that most major browsers are unaffected by this potential issue. Chrome, Firefox, Apple, and Android already did not trust this CA and no further updates are required. Microsoft is issuing an update that removes this CA from their Certificate Trust List (CTL), and once that action is complete there will be no further risk.
 
Most Windows 7 and Vista machines should have an update installed that will allow them to receive this update. Mytech has approved this update for general release, and will be working to ensure it is applied to all Managed Services customers. Windows 8 machines will automatically receive the trust change. Any home user who has Windows Updates enabled should also be receiving either the update or the change in trust from Microsoft.
 
Mytech believes that actively applying Operating System and software updates is a key strategy in protecting your network. While the news that a Certificate Authority might be acting in an unacceptable manner is disturbing, the good news here is that software companies were able to quickly and relatively easily correct the problem. The system of trust that the internet is built on is still functional.
 
If you have any further questions about this issue or would like additional information, please contact the Mytech Help Desk at 612-659-9800.