Microsoft revoked trust for the four digital certificates inadvertently leaked last week by networking gear manufacturer D-Link. Microsoft stated that it has modified its Certificate Trust List removing trust for the four certs, which could have been used to sign malicious code used in attacks. The certs included one belonging to D-Link and another from Alpha Networks, both of which issued by Symantec. The other two, for Keebox and TRENDnet, were issued by GoDaddy. As per Microsoft, client versions of Windows 8, 8.1 and 10, as well as Windows Server 2012, Windows Server 2012 R2, Windows RT and Windows Phone 8 and 8.1 have automatic updaters that will revoke the certs without the need for user interaction. Windows Vista, Windows 7 and Windows Server 2008 and 2008 R2 also have an automatic installer available but it is not automatically installed with the respective operating systems. Those users can either install the automatic updater or can install update 2813430, according to Microsoft.
The information provided herein is on "as is" basis, without warranty of any kind.
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street