Category:   OS (Microsoft)  >   Windows DLL (Any)
Vendors:   Microsoft
Microsoft Windows Includes Some Invalid TURKTRUST Certificates
SecurityTracker Alert ID:  1027934
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 3 2013
Impact:   Modification of authentication information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): XP SP3, 2003 SP2, Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 2012, RT; and prior service packs
Description:   A vulnerability was reported in Microsoft Windows. A remote user may be able to spoof sites.

The operating system includes some invalid certificates. The vulnerability is due to the invalid certificates and not the operating system itself.

TURKTRUST Inc. incorrectly created two subsidiary certificate authorities (CAs) ('*.EGO.GOV.TR' and '') as end-entity certs and without CRL or OCSP extensions. The '*.EGO.GOV.TR' subsidiary CA was then used to issue a fraudulent digital certificate for '*'.

A fraudulent digital certificate has been actively used in attacks against several Google web domains.

Windows Phone 8 is also affected.

Adam Langley and the Google Chrome Security Team reported this vulnerability.

Impact:   A remote user may be able to spoof sites.
Solution:   The vendor has issued a fix that revokes the affected CA certificates, available at:

Systems configured with the automatic updater of revoked certificates do not need to apply a fix.

The vendor's advisory is available at:

Vendor URL:
Cause:   Configuration error
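
To confirm on a host that the revocation described under Solution is in place, the following audit script is an added example (not code from the vendor or from this advisory). It matches on the '*.EGO.GOV.TR' subject named above; the second CA name is not given in this alert, so it is not checked, and the final pass generalizes the "without CRL or OCSP extensions" symptom to every intermediate CA certificate on the machine.

```powershell
# Added example: read-only audit of the local certificate stores.
# Subject pattern comes from the advisory text; the second CA name is absent there.
$pattern  = '*EGO.GOV.TR*'
$oidCrlDp = '2.5.29.31'          # CRL Distribution Points
$oidAia   = '1.3.6.1.5.5.7.1.1'  # Authority Information Access (carries the OCSP URL)

function Find-BySubject([string[]]$Stores) {
    foreach ($store in $Stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
            Where-Object { $_.Subject -like $pattern } |
            Select-Object @{n='Store';e={$store}}, Subject, Issuer, NotAfter, Thumbprint
    }
}

# 1. Revocation present as an entry in the Untrusted Certificates store?
$revoked = Find-BySubject 'Cert:\LocalMachine\Disallowed', 'Cert:\CurrentUser\Disallowed'
if ($revoked) { $revoked | Format-List }
else {
    # Hosts using the automatic updater may hold the revocation in a downloaded
    # trust list rather than as store entries, so treat this as a prompt to check.
    Write-Warning "No '$pattern' entry in the Disallowed stores; verify the update mechanism."
}

# 2. Same subject cached in a store that is consulted when building chains?
$cached = Find-BySubject 'Cert:\LocalMachine\CA', 'Cert:\CurrentUser\CA'
if ($cached) {
    Write-Warning "Matching certificate cached in an intermediate CA store:"
    $cached | Format-List
}

# 3. General check: non-self-signed CA certificates with no revocation pointers.
$bcType = [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
Get-ChildItem -Path Cert:\LocalMachine\CA |
    Where-Object {
        $bc   = $_.Extensions | Where-Object { $_ -is $bcType }
        $oids = $_.Extensions | ForEach-Object { $_.Oid.Value }
        $_.Subject -ne $_.Issuer -and $bc -and $bc.CertificateAuthority -and
            ($oids -notcontains $oidCrlDp) -and ($oids -notcontains $oidAia)
    } |
    Select-Object Subject, Issuer, NotAfter, Thumbprint |
    Format-Table -AutoSize
```

A certificate listed by the third pass is not necessarily fraudulent; it is one whose revocation status clients cannot look up, which is the property that made the certificates in this alert hard to contain.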

Message History:   None.
