Unauthorized Microsoft Digital Certificates

Microsoft has released a security advisory to address the revocation of a number of unauthorized digital certificates. Maintaining these certificates within your certificate store may allow an attacker to spoof content, perform a phishing attack, or perform a man-in-the-middle attack.

The following certificates have been revoked by this update:

  • Microsoft Enforced Licensing Intermediate PCA (2 certificates)
  • Microsoft Enforced Licensing Registration Authority CA (SHA1)
Microsoft has provided an update to all support versions of Microsoft Windows to address this issue. Additional information can be found in Microsoft Security Advisory 2718704.

US-CERT encourages users and administrators to apply any necessary updates to help mitigate the risk.

Update: For more information, please see US-CERT Technical Alert TA12-156A.

This product is provided subject to this Notification and this Privacy & Use policy.