Microsoft and Adobe released security fixes today, and Microsoft blacklisted six more root certificates in the wake of a breach at DigiNotar that allowed fraudulent SSL certificates to be issued.
As part of its monthly Patch Tuesday, Microsoft released five security bulletins, none of which are critical, plugging 15 holes. Affected software includes Windows, Office, Excel, SharePoint, Windows Server and Office Web Apps.
More details are in the advisory, which Microsoft had accidentally posted online four days early before removing it to save it for today.
Meanwhile, Microsoft revoked certificates signed by two certificate authorities, Entrust and Cybertrust, which had issued certificates on behalf of DigiNotar. DigiNotar was hacked and more than 500 SSL (Secure Sockets Layer) certificates were fraudulently issued, including one that was used in an attack involving spoofing Google.com to snoop on Gmail of users in Iran.
Microsoft, Google Chrome, Firefox, Opera, Adobe and Apple now blacklist the certificates.
Meanwhile, Adobe today issued fixes for critical vulnerabilities in Adobe Reader and Acrobat that could allow an attacker to take control of the computer. More details are in the Adobe advisory.
No comments:
Post a Comment