Microsoft has blacklisted a fraudulent SSL certificate the company said could be used to spoof content and perform phishing and man-in-the-middle attacks.
In a security advisory, Microsoft said the SSL certificate, which was issued for the “live.fi” domain, has also been revoked by Comodo, the issuing Certificate Authority (CA). According to Microsoft, the certificate cannot be used to issue other certificates, impersonate other domains or sign code.
“A certificate was improperly issued due to a misconfigured privileged email account on the live.fi domain,” according to the advisory. “An email account was able to be registered for the live.fi domain using a privileged username, which was subsequently used to request an unauthorized certificate for that domain.”
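A mail provider can audit for the kind of misconfiguration the advisory describes. The following is an added example, not code from Microsoft, Comodo or the advisory: it flags customer-held mailboxes whose names match the addresses a CA may write to for email-based domain validation under the CA/Browser Forum Baseline Requirements. The advisory does not name the username involved; the name list, the `mail.example` accounts and the normalization rules are assumptions.

```python
import unicodedata

# Mailbox names a CA may write to for email-based domain validation
# (CA/Browser Forum Baseline Requirements, "constructed email" method).
CA_VALIDATION_LOCAL_PARTS = frozenset(
    {"admin", "administrator", "webmaster", "hostmaster", "postmaster"}
)


def canonical_local_part(address: str, ignore_dots: bool = False) -> str:
    """Map a requested address or bare username to its delivery form.

    Assumption: delivery is case-insensitive and folds Unicode
    compatibility forms; set ignore_dots=True if the provider also
    treats "a.dmin" and "admin" as the same mailbox.
    """
    local = address.strip().rsplit("@", 1)[0]
    local = unicodedata.normalize("NFKC", local).casefold()
    return local.replace(".", "") if ignore_dots else local


def is_ca_validation_name(address: str, ignore_dots: bool = False) -> bool:
    """True if mail a CA sends for domain validation would reach this name."""
    return canonical_local_part(address, ignore_dots) in CA_VALIDATION_LOCAL_PARTS


def audit_accounts(accounts, ignore_dots: bool = False):
    """Return customer-owned accounts that hold a CA validation name.

    accounts: iterable of (address, owner), owner "staff" or "customer".
    """
    return [
        address
        for address, owner in accounts
        if owner != "staff" and is_ca_validation_name(address, ignore_dots)
    ]


# Constructed sample data; mail.example is a placeholder domain.
SAMPLE_ACCOUNTS = [
    ("postmaster@mail.example", "staff"),
    ("Hostmaster@mail.example", "customer"),
    ("\uff41\uff44\uff4d\uff49\uff4e@mail.example", "customer"),  # fullwidth
    ("web.master@mail.example", "customer"),
    ("alice@mail.example", "customer"),
]

if __name__ == "__main__":
    for hit in audit_accounts(SAMPLE_ACCOUNTS, ignore_dots=True):
        print("reserved name held by customer:", hit)
```

The same `is_ca_validation_name` check can be applied at sign-up so these names are never handed out to customers in the first place.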
So far, no attacks are known to be taking advantage of the situation, the advisory noted.
An attacker could use the certificate to spoof content and launch attacks against live.fi and www.live.fi, the Microsoft advisory explained.
“Although this issue does not result from an issue in any Microsoft product, we are nevertheless updating the CTL (Certificate Trust List) and providing an update to help protect customers,” according to Microsoft. “Microsoft will continue to investigate this issue and may make future changes to the CTL or release a future update to help protect customers.”
“Certificate Authorities are under constant attack from fraud attempts,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi. “The problem is we don’t hear about most of the successes. And you don’t have to attack a major global CA to be successful in getting a trusted certificate — for example, there are hundreds of trusted CAs in every iOS device.”
