
Microsoft Update System May Be Safe from Digital Certificate Breach

Major tech companies are assessing the scope of the recently disclosed July breach of digital certificates, which Web browsers use to verify the legitimacy of any sites they display to users.


The breach took place at DigiNotar, which issues the certificates. Since the breach was disclosed, the estimated number of certificates exposed has risen to over 500, from about 200 a week ago and a few dozen by DigiNotar's original estimate from late August, Computerworld reports.

Seven of those certificates are used to verify content from the domains Microsoft Corp. uses to distribute security updates for its Windows operating system, Computerworld reported Monday. Microsoft says that some of those are for obsolete domains, and although the other domains are still in use, Microsoft uses a separate certificate to sign its security updates.

Thus, a hacker possessing the stolen certificates would not have the information necessary to trick Windows into installing a malicious update, the article said. A malicious update could be used to steal banking passwords and other sensitive data.

The breach has already affected about 300,000 people in Iran whose Gmail accounts were compromised, Computerworld reported Tuesday. Fox-IT, a forensics company that came up with that estimate, did not say who was monitoring the Iranian email accounts. Security researchers have speculated that Iran's government is involved, the article said.

