Microsoft Warns Of Phony Windows Live Digital Certificate

Unauthorized SSL certificate for 'live.fi' could be used for man-in-the-middle, phishing attacks, Microsoft says.

Dark Reading Staff, Dark Reading

March 18, 2015


Microsoft is now revoking and blacklisting a newly discovered phony SSL certificate for the domain 'live.fi' that could be used to spoof content and wage phishing and man-in-the-middle attacks, the software company said today. The 'live.fi' domain is a Windows Live domain.

Comodo, the certificate authority that inadvertently issued the phony cert, has revoked it. Microsoft says it's not aware of any attacks using the phony cert, which cannot be used to impersonate domains, sign code, or issue other certificates. All versions of Windows are affected, and automatic updates will pull the phony cert.

"A certificate was improperly issued due to a misconfigured privileged email account on the live.fi domain. An email account was able to be registered for the live.fi domain using a privileged username, which was subsequently used to request an unauthorized certificate for that domain," Microsoft said in a security advisory released late last night.

For details, see the Microsoft advisory here.
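The root cause Microsoft describes is a mail domain that let an ordinary user register a mailbox name a certificate authority treats as authoritative for the domain. The signup-time check below is an added example, not code from Microsoft, Comodo or this article. Its reserved list uses the constructed-email addresses from the CA/Browser Forum Baseline Requirements (the article does not say which username was registered), and the plus-tag, dot and non-ASCII handling are assumptions about the mail system.

```python
import unicodedata

# Local parts a CA may email to validate domain control (CA/Browser Forum
# Baseline Requirements, constructed-email method). The article does not
# name the privileged username that was registered on live.fi.
CA_VALIDATION_LOCAL_PARTS = frozenset(
    {"admin", "administrator", "hostmaster", "postmaster", "webmaster"}
)
# Assumption: a few RFC 2142 role mailboxes the operator also keeps for itself.
OPERATOR_ROLE_MAILBOXES = frozenset({"abuse", "noc", "security"})
RESERVED = CA_VALIDATION_LOCAL_PARTS | OPERATOR_ROLE_MAILBOXES


def canonical_local_part(requested: str) -> str:
    """Reduce a requested mailbox name to the form mail may be delivered to."""
    # NFKC folds compatibility forms (e.g. fullwidth letters) to plain ASCII.
    name = unicodedata.normalize("NFKC", requested).casefold().strip()
    # Assumption: the mail system supports sub-addressing (admin+x -> admin).
    name = name.split("+", 1)[0]
    # Assumption: the mail system ignores dots in local parts.
    return name.replace(".", "")


def registration_decision(requested: str) -> tuple[bool, str]:
    """Return (allowed, reason) for a self-service mailbox signup request."""
    name = canonical_local_part(requested)
    if not name:
        return False, "empty after normalization"
    if not name.isascii():
        # Conservative policy (assumption): refuse names that could be
        # look-alikes of a reserved mailbox in another script.
        return False, "non-ASCII local part"
    if name in RESERVED:
        return False, f"reserved role mailbox: {name}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests, not data from the incident.
    for req in ["alice.smith", "Administrator", "hostmaster+cert",
                "post.master", "\uff41\uff44\uff4d\uff49\uff4e", "\u0430dmin"]:
        print(f"{req!r:20} -> {registration_decision(req)}")
```

The same check should also be run over existing accounts, since a reserved name registered before the rule existed still receives validation mail.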
