
Microsoft Security Update Accidentally Rolls Back Earlier Update

Microsoft Corp. inadvertently unblocked some of the compromised digital certificates last week for Windows XP users, leaving those users open to potential fraud attacks.

The latest Windows update fixes this, blocking all certificates known by Microsoft to have been compromised in a June breach at DigiNotar, Computerworld reported Monday. The certificates are used to verify the legitimacy of websites. Web browsers typically pop up a warning if they do not see a valid certificate.

The absence of such a certificate could be a sign that a fraudster has hijacked the user's browsing session. That tactic, called a man-in-the-middle attack, can be used to steal online banking credentials.

Microsoft has been blocking the certificates known to have been compromised in the DigiNotar breach. However, last week's update blocked only the six most recent certificates – and unblocked ones that were addressed earlier, the article said.

Users of other versions of Windows were not at risk last week, Microsoft said.
