Microsoft has issued a security advisory recently to Windows users about a rogue certificate that could be used to spoof at the company’s Live services. “Microsoft is aware of an improperly issued SSL certificate for the domain ‘live.fi’ that could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks,” the advisory reads.
“It cannot be used to issue other certificates, impersonate other domains, or sign code,” it added. Now certificates are becoming increasingly the favorite targets of cybercriminals. Kevin Bocek, who is VP for security at Venafi, said that bad guys are not just trying to steal certificates, but they use fraud means to obtain them, too.
Microsoft has reportedly taken actions to check anyone from trying to make use of the illicit certificate. However, those measures only work on its products. Since the certificate will work in other products, it’s up to the makers of such products to update them regularly and to block recognition of the certificate.