Products & Services
Support

Product Categories


Popular Downloads


Manage Software

How to Buy

For Home

Linksys Products Store
Linksys is now part of Belkin
Products for everyone

All Ordering Options

Training & Events Partners
Guest

Security Activity Bulletin

Fraudulent TURKTRUST Inc. Digital Certificates

 
Threat Type:IntelliShield: Security Activity Bulletin
IntelliShield ID:27758
Version:4
First Published:2013 January 03 19:59 GMT
Last Published:2013 October 18 13:53 GMT
Port: Not available
Urgency:Possible use
Credibility:Confirmed
Severity:Mild Damage
 
Version Summary:Blue Coat has released a security advisory to address the fraudulent TURKTRUST Inc. digital certificates.
 

Description
 
Third-party certificate registrar TURKTRUST Inc. issued fraudulent certificates for *.google.com through incorrectly created subsidiary certificate registrars. Because the third-party registrar is trusted by the Microsoft Trusted Root Certification Authorities Store, Windows-based systems may be vulnerable to spoofing attacks. If an attacker possessed the fraudulent certificate, the attacker could masquerade as a valid google.com host, allowing the attacker to conduct man-in-the-middle attacks or phishing attacks, potentially leading to information disclosure.

Reports indicate that attacks using the fraudulent certificates have occurred in the wild.

Microsoft has released a security advisory and software updates to revoke the certificate on affected Windows systems.

Microsoft has released a security advisory at the following link: 2798897

Microsoft customers can obtain updates directly by using the links in the security advisory. These updates are also distributed by Windows automatic update features and available on the Microsoft Update service. Microsoft Windows Server Update Services (WSUS), Systems Management Server, and System Center Configuration Manager can assist administrators in deploying software updates.

Apple has released security advisory at the following link: HT5642. Apple has released updated software at the following link: iOS 6.1 Software Update<.

Blue Coat has released a security advisory at the following link: SA73. Blue coat users are advised to follow mitigation steps as mentioned in the vendor advisory.

Mozilla has released a security bulletin at the following link: MFSA 2013-20. Mozilla has released updated versions at the following links:
 
Alert History
 

Version 3, January 29, 2013, 4:47 PM: Apple has released a security advisory and updated software to address the Fraudulent TURKTRUST Inc. digital certificates.

Version 2, January 9, 2013, 7:03 AM: Mozilla has released a security advisory and software update to address the Fraudulent TURKTRUST Inc. digital certificates.

Version 1, January 3, 2013, 10:59 AM: Fraudulent certificates for google.com were issued by a third-party certificate authority, possibly allowing spoofing attacks. Root certificate authorities have revoked the fraudulent certificates.


Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
Microsoft, Inc.Windows 7 for 32-bit systems Base, SP1 | for x64-based systems Base, SP1
Microsoft, Inc.Windows RT Original Release Base
Microsoft, Inc.Windows Server 2003 Datacenter Edition Base, SP1, SP2 | Datacenter Edition, 64-bit (Itanium) Base, SP1, SP2 | Datacenter Edition x64 (AMD/EM64T) Base, SP2 | Enterprise Edition Base, SP1, SP2 | Enterprise Edition, 64-bit (Itanium) Base, SP1, SP2 | Enterprise Edition x64 (AMD/EM64T) Base, SP2 | Standard Edition Base, SP1, SP2 | Standard Edition, 64-bit (Itanium) Base, SP1, SP2 | Standard Edition x64 (AMD/EM64T) Base, SP2 | Web Edition Base, SP1, SP2
Microsoft, Inc.Windows Server 2008 Datacenter Edition Base, SP1, SP2 | Datacenter Edition, 64-bit Base, SP1, SP2 | Itanium-Based Systems Edition Base, SP1, SP2 | Enterprise Edition Base, SP1, SP2 | Enterprise Edition, 64-bit Base, SP1, SP2 | Essential Business Server Standard Base, SP1, SP2 | Essential Business Server Premium Base, SP1, SP2 | Essential Business Server Premium, 64-bit Base, SP1, SP2 | Standard Edition Base, SP1, SP2 | Standard Edition, 64-bit Base, SP1, SP2 | Web Server Base, SP1, SP2 | Web Server, 64-bit Base, SP1, SP2
Microsoft, Inc.Windows Server 2012 Original Release Base
Microsoft, Inc.Windows Vista Home Basic Base, SP1, SP2 | Home Premium Base, SP1, SP2 | Business Base, SP1, SP2 | Enterprise Base, SP1, SP2 | Ultimate Base, SP1, SP2 | Home Basic x64 Edition Base, SP1, SP2 | Home Premium x64 Edition Base, SP1, SP2 | Business x64 Edition Base, SP1, SP2 | Enterprise x64 Edition Base, SP1, SP2 | Ultimate x64 Edition Base, SP1, SP2
Microsoft, Inc.Windows XP Home Edition Base, SP1, SP2, SP3 | Professional Edition Base, SP1, SP2, SP3 | Professional x64 (AMD/EM64T) Base, SP2
Microsoft, Inc.Windows 8 for 32-bit systems Base | for x64-based systems Base

Associated Products:
AppleiOS 4.3 Base, .1, .2, .3, .4, .5 | 5.0 Base | 5.1 Base | 6.1 Base
Blue Coat Systems, Inc.Security Gateway (SGOS) 4.1 .1.1 | 4.2 Base | 5.3 .0 | 5.4 Base | 6.2 Base | 6.3 Base | 6.5 Base
Mozilla FoundationFirefox 15.0 Base | 16.0 Base, .1, .2 | 17.0 Base, .1
Mozilla FoundationFirefox ESR 10.0 .1, .2, .3, .4, .5, .6, .7, .8, .9, .10, .11 | 17.0 Base, .1
Mozilla FoundationSeaMonkey 2.12 Base | 2.13 Base, .1 | 2.14 Base, 0.1
Mozilla FoundationThunderbird 15.0 Base | 16.0 Base, .1 | 17.0 Base, .1
Mozilla FoundationThunderbird ESR 10.0 .1, .2, .3, .4, .5, .6, .7, .8, .9, .10, .11 | 17.0 Base, .1




Alerts and bulletins on the Cisco Security Intelligence Operations Portal are highlighted by analysts in the Cisco Threat Operations Center and represent a subset of the comprehensive content that is available through Cisco Security IntelliShield Alert Manager Service. This customizable threat and vulnerability alert service provides security staff with access to timely, accurate, and credible information about threats and vulnerabilities that may affect their environment.


LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.
Powered by  IntelliShield