Executive Summary
Summary | |
---|---|
Title | Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program |
Information | | | |
---|---|---|---|
Name | KB2880823 | First vendor Publication | 2013-11-12 |
Vendor | Microsoft | Last vendor Modification | 1970-01-01 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
CVSS vector : N/A | | | |
---|---|---|---|
Overall CVSS Score | NA | | |
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability SubScore | NA | | |
Security-Database Scoring CVSS v2
CVSS vector : | | | |
---|---|---|---|
CVSS Base Score | Not Defined | Attack Range | Not Defined |
CVSS Impact Score | Not Defined | Attack Complexity | Not Defined |
CVSS Exploit Score | Not Defined | Authentication | Not Defined |
Detail
Microsoft is announcing a policy change to the Microsoft Root Certificate Program. The new policy will no longer allow root certificate authorities to issue X.509 certificates using the SHA-1 hashing algorithm for the purposes of SSL and code signing after January 1, 2016. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Recommendation: Microsoft recommends that certificate authorities no longer sign newly generated certificates using the SHA-1 hashing algorithm and begin migrating to SHA-2. Microsoft also recommends that customers replace their SHA-1 certificates with SHA-2 certificates at the earliest opportunity. Please see the Suggested Actions section of this advisory for more information.

For more information about this issue, see the following references:

What is the scope of the advisory? Is this a security vulnerability that requires Microsoft to issue a security update? What causes this threat? What is a digital certificate? What is the purpose of a digital certificate? What is a certification authority (CA)?

Customers who are interested in learning more about the topic covered in this advisory should review Windows Root Certificate Program - Technical Requirements.

Certificate authorities should no longer sign newly generated certificates using the SHA-1 hashing algorithm. Customers should update certificate authorities to use the SHA-2 hashing algorithm and obtain SHA-2 certificates from their certificate authorities. Impact of action: Older hardware-based solutions may require upgrading to support these newer technologies.

All Windows users should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Windows Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them.
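To act on the recommendation to replace SHA-1 certificates, an administrator first needs a list of them. The PowerShell below is an added example, not part of Microsoft's advisory: it lists certificates in the personal stores whose signature uses SHA-1 and that are usable for SSL or code signing. The function name, the choice of stores, and the use of NotBefore as the issuance date are assumptions.

```powershell
# Added example: inventory SHA-1-signed certificates in the personal stores.
$sha1SignatureOids = @(
    '1.2.840.113549.1.1.5',   # sha1RSA
    '1.3.14.3.2.29',          # sha1RSA (older OIW identifier)
    '1.2.840.10040.4.3',      # sha1DSA
    '1.2.840.10045.4.1'       # sha1ECDSA
)
# Enhanced Key Usage OIDs for the two purposes the advisory names.
$affectedEkus = @{
    '1.3.6.1.5.5.7.3.1' = 'SSL server authentication'
    '1.3.6.1.5.5.7.3.3' = 'Code signing'
}
$policyDate = [datetime]'2016-01-01'   # date stated in the advisory

function Get-Sha1SignedCertificate {   # hypothetical helper name
    param(
        [string[]]$StorePath = @('Cert:\LocalMachine\My', 'Cert:\CurrentUser\My')
    )
    $ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    foreach ($cert in Get-ChildItem -Path $StorePath -ErrorAction SilentlyContinue) {
        # Skip certificates whose signature does not use SHA-1.
        if ($sha1SignatureOids -notcontains $cert.SignatureAlgorithm.Value) { continue }

        $eku = $cert.Extensions | Where-Object { $_ -is $ekuType } | Select-Object -First 1
        if ($null -eq $eku) {
            # No EKU extension: the certificate is not restricted to any purpose.
            $purposes = @('Unrestricted (no EKU extension)')
        } else {
            $purposes = @($eku.EnhancedKeyUsages |
                Where-Object { $affectedEkus.ContainsKey($_.Value) } |
                ForEach-Object { $affectedEkus[$_.Value] })
        }
        if ($purposes.Count -eq 0) { continue }   # e.g. client-auth-only certificates

        [pscustomobject]@{
            Subject               = $cert.Subject
            Issuer                = $cert.Issuer
            Thumbprint            = $cert.Thumbprint
            SignatureAlgorithm    = $cert.SignatureAlgorithm.FriendlyName
            Purposes              = $purposes -join ', '
            NotAfter              = $cert.NotAfter
            # NotBefore is used as an approximation of the issuance date.
            IssuedAfterPolicyDate = $cert.NotBefore -gt $policyDate
        }
    }
}

Get-Sha1SignedCertificate | Sort-Object NotAfter | Format-Table -AutoSize
```

Each row is a candidate for reissue with a SHA-2 signature; pass other store paths through `-StorePath` to widen the inventory.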
Original Source
Url : http://www.microsoft.com/technet/security/advisory/2880823.mspx
Alert History
Date | Information |
---|---|
2013-11-12 21:19:27 |
|