Security 10816 Published by

Computerworld posted a story that Microsoft said that a digital certificate stolen from a Dutch company could not be used to force-feed customers malware through its Windows Update service.



The company's assertion came after a massive theft of more than 500 SSL (secure socket layer) certificates, including several that could be used to impersonate Microsoft's update services, was revealed by Dutch authorities and several other affected developers.

"Attackers are not able to leverage a fraudulent Windows Update certificate to install malware via the Windows Update servers," said Jonathan Ness, an engineer with the Microsoft Security Response Center (MSRC), in a Sunday blog post. "The Windows Update client will only install binary payloads signed by the actual Microsoft root certificate, which is issued and secured by Microsoft."
  Microsoft: Stolen SSL certs can't be used to install malware via Windows Update