Microsoft has issued an update that removes trust for two intermediate certificate authority (CA) certificates from DigiCert Sdn. Bhd.
DigiCert Sdn. Bhd., based in Malaysia, is a subordinate certification authority (CA) of Entrust and GTE, and the Redmond company gave advance notice of this update at the start of November 2011.
KB 2641690 is now available for download for users of all supported versions of Windows, including Windows 7 Service Pack 1 (SP1).
Jerry Bryant, group manager, Response Communications, Trustworthy Computing Group, revealed that the software giant also published Microsoft Security Advisory (2641690), which offers users additional details about the move of the DigiCert Sdn. Bhd. certificates to the Microsoft Untrusted Certificate Store.
“We made this decision after Entrust, Inc., a CA in the Microsoft Root Certificate Program, notified us that one of its subordinate CAs issued 22 certificates with weak 512 bit keys, a violation of Microsoft’s Root Certificate Program requirements,” Bryant said.
“At this time, there is no indication that the certificates were issued fraudulently but with this update, we are proactively protecting customers from potential issues.”
With KB 2641690 deployed, trust is revoked for the following intermediate CA certificates: Digisign Server ID – (Enrich) issued by Entrust.net Certification Authority (2048) and Digisign Server ID (Enrich) issued by GTE CyberTrust Global Root.
“There is no action for customers who have enabled Automatic Updates as the update, which applies to all supported versions of Microsoft Windows, will be downloaded and installed automatically,” Bryant noted.
Customers running Windows should deploy KB 2641690 as soon as possible to be protected against potential spoofing attacks, even though none have been identified so far.
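A check to run on a host after deployment, as an added example that is not from Microsoft or the original article: it looks for KB 2641690 and for the two intermediates in the local machine Untrusted Certificates store (`Cert:\LocalMachine\Disallowed`). The wildcard subject and issuer patterns are assumptions built from the certificate names quoted above.

```powershell
# Added example (not from the advisory): confirm the two DigiCert Sdn. Bhd.
# intermediates are distrusted on this machine.
# Assumption: the names quoted in the article appear in the Subject/Issuer
# fields, so wildcard matching on them is sufficient.
$targets = @(
    @{ Subject = '*Digisign Server ID*(Enrich)*'; Issuer = '*Entrust.net Certification Authority (2048)*' },
    @{ Subject = '*Digisign Server ID*(Enrich)*'; Issuer = '*GTE CyberTrust Global Root*' }
)

# 1. Is the update recorded as installed? A missing entry is not proof the
#    certificates are still trusted (a later package may have superseded it),
#    which is why the store itself is checked in step 2.
$hotfix = Get-HotFix -Id 'KB2641690' -ErrorAction SilentlyContinue

# 2. Look for each intermediate in the Untrusted Certificates store (Disallowed)
#    and in the Intermediate Certification Authorities store (CA).
$disallowed   = @(Get-ChildItem Cert:\LocalMachine\Disallowed)
$intermediate = @(Get-ChildItem Cert:\LocalMachine\CA)

$results = foreach ($t in $targets) {
    $match   = { $_.Subject -like $t.Subject -and $_.Issuer -like $t.Issuer }
    $blocked = @($disallowed   | Where-Object $match)
    $present = @($intermediate | Where-Object $match)

    [pscustomobject]@{
        Issuer         = $t.Issuer.Trim('*')
        InDisallowed   = $blocked.Count -gt 0
        InCAStore      = $present.Count -gt 0
        Thumbprints    = ($blocked.Thumbprint -join ', ')
        # Flag the case that needs attention: cached as an intermediate
        # but not explicitly distrusted.
        NeedsAttention = ($present.Count -gt 0 -and $blocked.Count -eq 0)
    }
}

"KB2641690 listed by Get-HotFix: {0}" -f [bool]$hotfix
$results | Format-Table -AutoSize

# Non-zero exit code if any intermediate is cached but not distrusted,
# so the script can be used from a compliance job.
if ($results | Where-Object NeedsAttention) { exit 1 }
```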
For users who would rather download and install KB 2641690 themselves instead of waiting for the AU delivery, I have included a list with all the downloads below: