Microsoft flips 'kill switch' on all DigiNotar certificates

Permanently blocks all SSL certificates issued by Dutch company hacked in June

Microsoft today updated Windows to permanently block all digital certificates issued by a Dutch company that was hacked months ago.

The update -- the second for Windows Vista and Windows 7, but the first for the decade-old Windows XP -- moves all DigiNotar SSL (secure socket layer) certificates to Windows' block list, dubbed the Untrusted Certificate Store. Microsoft's Internet Explorer (IE) uses that list to bar the browser from reaching sites secured with dubious certificates.

Windows XP users will see this update starting today that blocks all SSL certificates issued by DigiNotar.

DigiNotar, a certificate authority (CA) based in the Netherlands, has admitted that its servers were compromised in mid-July. A report made public Monday by a digital forensics firm said that hackers had acquired 531 certificates, including many used by the Dutch government, and that DigiNotar was unaware of the intrusion for approximately a month.

In that forensics report, Fox-IT said that hackers controlled DigiNotar's servers starting June 17, and that during a month-long stretch in July and August, hackers spied on 300,000 Iranians' Gmail accounts.

SSL certificates are used by websites and browsers to identify a site as legitimate; illegally-obtained certificates can be abused to disguise unauthorized domains using "man-in-the-middle" attacks.

The Windows update will be automatically downloaded and installed to machines that have Windows Update's Automatic Update enabled, Microsoft said in a security advisory.

Microsoft's Dutch customers, however, won't see the update for another week.

"At the explicit request of the Dutch government, Microsoft will delay deployment of this update in the Netherlands for one week to give the government time to replace certificates," Dave Forstrom, a director in Microsoft's Trustworthy Computing group, said in a blog post today. "Dutch customers who wish to install the update can do so by manually visiting Windows Update or following the instructions available at once the security update is released worldwide."

The delay for the Dutch was expected. On Monday, the Netherlands' Ministers of Interior and Security and Justice told parliament that Microsoft would issue an update to block all DigiNotar certificates, and that the update would not be immediately pushed to Dutch Windows users.

Google and Mozilla have already updated their browsers to block all DigiNotar certificates. The former shipped a new version of Chrome on Saturday, while the latter updated Firefox 6 and Firefox 3.6 today.

Mozilla has been especially vocal about its disgust with DigiNotar, and has said that the ban of certificates issued by the company is permanent.

"This is not a temporary suspension, it is a complete removal from our trusted root program," said Johnathan Nightingale, director of Firefox engineering, in a blog post last Friday. "Complete revocation of trust is a decision we treat with careful consideration, and employ as a last resort."

Other security experts have said that the bans by Google, Mozilla and now Microsoft amount to a "death sentence" for DigiNotar and its business.

Andrew Storms, director of security operations at nCircle Security, concurred. "Game over, man," he said today.

Apple has been mum during the DigiNotar episode: Its Safari browser relies on a block list in Mac OS X, so -- like Microsoft -- Apple must update its operating system to protect users.

Last March, when a similar attack targeted Comodo, Apple took a month before blocking the stolen certificates, or three weeks longer than Microsoft.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His e-mail address is

See more articles by Gregg Keizer.

Read more about security in Computerworld's Security Topic Center.

Join the CSO newsletter!

Error: Please check your email address.

Tags GoogleMicrosoftsecurityWindowssoftwareMalware and Vulnerabilitiesoperating systems

More about Andrew Corporation (Australia)AppleCA TechnologiesComodoGoogleMicrosoftMozillanCircleTopic

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gregg Keizer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts