When is a security cert not a security cert?Posted on June 4th, 2012 at 21:21 4 comments
When it’s a Microsoft security cert, of course.
Microsoft just sent an out-of-band patch down the Automatic Update chute. It plugs one of the (many) holes used by the “Flame” malware.
While I figure none of you are susceptible to Flame – the whole thing’s been overblown – you may be susceptible if some cretin figures out how to use the security certificate signing technique to generate a different cert.
I’m about to change the MS-DEFCON level to 4. This patch is good incentive.
4 Responses to “When is a security cert not a security cert?”
Leave a Reply