Microsoft KB Archive/293816

= How to Determine Whether You Have Accepted Trust for Fraudulent VeriSign-Issued Certificates =

Article ID: 293816

Article Last Modified on 2/19/2007

-

APPLIES TO


 * Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 4
 * Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 5
 * Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 6
 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT 4.0 Service Pack 1
 * Microsoft Windows NT 4.0 Service Pack 2
 * Microsoft Windows NT 4.0 Service Pack 3
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6a
 * Microsoft Windows NT Server 4.0 Enterprise Edition
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6a
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows Millennium Edition
 * Microsoft Windows 98 Second Edition
 * Microsoft Windows 98 Standard Edition
 * Microsoft Windows 95

-



This article was previously published under Q293816



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SUMMARY
In early March 2001, VeriSign, Inc., announced that it had issued two digital certificates to an individual who fraudulently claimed to be a Microsoft employee. This issue is discussed at length in Microsoft Security Bulletin MS01-017. This article describes how to determine if you have enabled the trust for these certificates and how to remove that trust.

For additional information about this issue, click the article number below to view the article in the Microsoft Knowledge Base:

293818 Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard

For additional information about how to recognize these fraudulent certificates, click the article number below to view the article in the Microsoft Knowledge Base:

293817 How to Recognize Erroneously-Issued VeriSign Code-Signing Certificates

For additional information about how to remove VeriSign Commercial Software Publishers CA from the trusted store, click the article number below to view the article in the Microsoft Knowledge Base:

293819 How to Remove a Root Certificate from the Trusted Root Store

For additional information about how to obtain a tool to revoke these fraudulent certificates, click the article number below to view the article in the Microsoft Knowledge Base:

293811 Update Available to Revoke Fraudulent Microsoft Certificates Issued by VeriSign



MORE INFORMATION
When you click Always trust content from Microsoft Corporation in the warning dialog box that appears when you encounter these certificates, &quot;Microsoft Corporation&quot; is added to the list of trusted publishers. To remove this explicit trust:

Microsoft Internet Explorer 5, 5.01, 5.5

 * 1) On the Tools menu in Internet Explorer, click Internet Options.
 * 2) On the Content tab, click Publishers.
 * 3) Click Microsoft Corporation, click Remove, and then click OK.

NOTE: If &quot;Microsoft Corporation&quot; appears multiple times, there is no way to determine which one to remove; therefore, you must edit the registry by using the steps in the &quot;Editing the Registry&quot; section.
 * 1) Click OK.

Internet Explorer 4.x

 * 1) On the View menu in Internet Explorer, click Options.
 * 2) On the Content tab, click Publishers.
 * 3) Click Microsoft Corporation, click Delete, and then click OK.

NOTE: If &quot;Microsoft Corporation&quot; appears multiple times, there is no way to determine which one to remove; therefore, you must edit the registry by using the steps in the &quot;Editing the Registry&quot; section.
 * 1) Click OK.

Editing the Registry
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

If &quot;Microsoft Corporation&quot; appears multiple times, use these steps to remove these fraudulent certificates:  Start Registry Editor (Regedit.exe). Determine whether the following key in the registry

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0

contains one or more of the following values:

 bhhphijojgfcdocagmhjgjbhmieinfap pnkllbeoaimhfgpfonehpajhppeaaohf bhhphijojgfcdocagmhjgjbhmieinfap gkjjdhegecmnfejcjmdjcedhphjafbbl  If these values exist, delete them by clicking the value and then clicking Delete on the Edit menu.</li> Quit Registry Editor.</li></ol>

Keywords: kbinfo kb3rdparty KB293816

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.