Microsoft KB Archive/293817

= How to Recognize Erroneously Issued VeriSign Code-Signing Certificates =

Article ID: 293817

Article Last Modified on 1/31/2007

-

APPLIES TO


 * Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 4
 * Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 5
 * Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 6
 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Service Pack 1
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT 4.0 Service Pack 1
 * Microsoft Windows NT 4.0 Service Pack 2
 * Microsoft Windows NT 4.0 Service Pack 3
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6a
 * Microsoft Windows NT Server 4.0 Enterprise Edition
 * Microsoft Windows NT 4.0 Service Pack 4
 * Microsoft Windows NT 4.0 Service Pack 5
 * Microsoft Windows NT 4.0 Service Pack 6a
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows NT Workstation 4.0
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows Millennium Edition
 * Microsoft Windows 98 Second Edition
 * Microsoft Windows 98 Standard Edition
 * Microsoft Windows 95

-



This article was previously published under Q293817





SUMMARY
In early March 2001, VeriSign, Inc. announced that it had issued two digital certificates to an individual who fraudulently claimed to be a Microsoft employee. This issue is discussed at length in Microsoft Security Bulletin MS01-017. This article provides information that you can use to recognize these certificates.

For additional information about this issue, click the article number below to view the article in the Microsoft Knowledge Base:

293818 Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard

For additional information about how to revoke these certificates' trusted status, click the article number below to view the article in the Microsoft Knowledge Base:

293816 How to Determine Whether You Have Accepted Trust for Fraudulent VeriSign-Issued Certificates

For additional information about how to remove the VeriSign Commercial Software Publishers certification authority (CA) from the trusted store, click the article number below to view the article in the Microsoft Knowledge Base:

293819 How to Remove a Root Certificate from the Trusted Root Store

For additional information about how to obtain a tool to revoke these fraudulent certificates, click the article number below to view the article in the Microsoft Knowledge Base:

293811 Update Available to Revoke Fraudulent Microsoft Certificates Issued by VeriSign



MORE INFORMATION
These certificates are untrusted by default, even if you have previously chosen to trust content from Microsoft; therefore, you always receive a warning dialog box if you encounter these certificates. Click Microsoft Corporation on this warning dialog box to identify these certificates. Microsoft recommends against running any content that is signed with these certificates.

Fraudulent Certificate 1
The first fraudulent certificate can be uniquely identified by the following properties on the Details tab:
 * Serial Number: 750E 40FF 97F0 47ED F556 C708 4EB1 ABFD
 * Issuer: OU = VeriSign Commercial Software Publishers CA

O = VeriSign, Inc.

L = Internet
 * Thumbprint: 7D7F 4414 CCEF 168A DF6B F407 53B5 BECD 7837 5931

Fraudulent Certificate 2
The second fraudulent certificate can be uniquely identified by the following properties on the Details tab:
 * Serial Number: 1B51 90F7 3724 399C 9254 CD42 4637 996A
 * Issuer: OU = VeriSign Commercial Software Publishers CA

O = VeriSign, Inc.

L = Internet
 * Thumbprint: 6371 62CC 59A3 A1E2 5956 FA5F A8F6 0D2E 1C52 EAC6

Complete Details of Fraudulent Certificates
For your reference, the complete details of these fraudulent certificates are provided in the following sections.

Fraudulent Certificate 1
The General tab contains the following information: Certificate Information

This certificate is intended for the following purpose(s):


 * Ensures software came from software publisher
 * Protects software from alteration after publication


 * Refer to the certification authority's statement for details.

Issued to: Microsoft Corporation

Issued by: VeriSign Commercial Software Publishers CA

Valid from 1/30/2001 to 1/31/2002

The Details tab contains the following information: Show: 

 Version

V3 Serial number

750E 40FF 97F0 47ED F556 C708 4EB1 ABFD Signature algorithm

md5RSA Issuer

OU = VeriSign Commercial Software Publishers CA

O = VeriSign, Inc.

L = Internet Valid from

Tuesday, January 30, 2001 7:00:00 PM Valid to

Thursday, January 31, 2002 6:59:59 PM</li> Subject

OU = Microsoft Corporation

CN = Microsoft Corporation

L = Redmond

S = Washington

C = US

OU = Digital ID Class 3 - Microsoft Software Validation v2

OU = www.verisign.com/repository/CPS Incorp. by Ref.,LIAB.LTD(c)96

OU = VeriSign Commercial Software Publishers CA

O = VeriSign, Inc.

L = Internet</li> Public key

3081 8902 8181 00EE FA1F C9B0 43DF 7E75 814E 3171 910B FC15 9DD9 4A8A 51F5 0918 C67C C5F1 27C4 0162 FCBF FC84 29A6 2FE6 1E02 060B 9689 D342 B173 9F02 AE75 6209 3F83 8034 4660 390A E321 4EE7 0442 D57E 5E98 4527 5D04 B927 32C0 65A4 9485 1325 DB16 F2FB 51C7 FF28 62D1 8331 4FA9 A4F4 C54F 9D00 2E14 3F95 169C 4E25 071B D57D 3871 D840 F8AA 7102 0301 0001</li> Basic Constraints

Subject Type=End Entity

Path Length Constraint=None</li> Key Usage

Digital Signature, Key Encipherment(A0)</li> Authority Key Identifier

KeyID=7B96 E4D1 43FD 6898 F338 CC6E 3BF2 0B82

Certificate Issuer:

OU=VeriSign Commercial Software Publishers CA

O=&quot;VeriSign, Inc.&quot;

L=Internet

Certificate SerialNumber=03C7 8F37 DB92 28DF 3CBB 1AAD 82FA 6710</li> Basic Constraints

Subject Type=End Entity

Path Length Constraint=None</li>  Certificate Policies <pre class="fixed_text">[1]Certificate Policy:

PolicyIdentifier=2.16.840.1.113733.1.7.1.8<BR/> [1,1]Policy Qualifier Info: Policy Qualifier Id=CPS<BR/> Qualifier:<BR/> https://www.verisign.com/rpa </li> SpcFinancialCriteria

Financial Information=Available

Meets Criteria=Yes</li> Key Usage Restriction

[1]Cert PolicyId=1.3.6.1.4.1.311.2.1.22

Restricted Key Usage=Digital Signature(80)</li> SpcSpAgencyInfo

Policy Information:

URL=https://www.verisign.com/repository/CPS

Policy Display=This certificate incorporates by reference, and its use is strictly subject to, the VeriSign Certification Practice Statement (CPS) version 1.0, available in the VeriSign repository at:

https://www.verisign.com; by E-mail at CPS-requests@verisign.com; or by mail at VeriSign, Inc., 2593 Coast Ave., Mountain View, CA 94043 USA Copyright (c)1996 VeriSign, Inc. All Rights Reserved. CERTAIN WARRANTIES DISCLAIMED AND LIABILITY LIMITED.

WARNING: THE USE OF THIS CERTIFICATE IS STRICTLY SUBJECT TO THE VERISIGN CERTIFICATION PRACTICE STATEMENT. THE ISSUING AUTHORITY DISCLAIMS CERTAIN IMPLIED AND EXPRESS WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND WILL NOT BE LIABLE FOR CONSEQUENTIAL, PUNITIVE, AND CERTAIN OTHER DAMAGES. SEE THE CPS FOR DETAILS.

Contents of the VeriSign registered nonverifiedSubjectAttributes extension value shall not be considered as accurate information validated by the IA.

Policy Logo Link:

URL=https://www.verisign.com/repository/verisignlogo.gif

</li> Thumbprint algorithm

sha1</li> Thumbprint

7D7F 4414 CCEF 168A DF6B F407 53B5 BECD 7837 5931</li></ul>

The Certification Path tab contains the following information:

Certification path

VeriSign Commercial Software Publishers CA

Microsoft Corporation

Fraudulent Certificate 2
The General tab contains the following information:

Certificate Information

This certificate is intended for the following purpose(s):


 * Ensures software came from software publisher
 * Protects software from alteration after publication


 * Refer to the certification authority's statement for details.

Issued to: Microsoft Corporation

Issued by: VeriSign Commercial Software Publishers CA

Valid from 1/29/2001 to 1/30/2002

The Details tab contains the following information:

Show: <All>

<ul> Version

V3</li> Serial number

1B51 90F7 3724 399C 9254 CD42 4637 996A</li> Signature algorithm

md5RSA</li> <li>Issuer

OU = VeriSign Commercial Software Publishers CA

O = VeriSign, Inc.

L = Internet</li> <li>Valid from

Monday, January 29, 2001 7:00:00 PM</li> <li>Valid to

Wednesday, January 30, 2002 6:59:59 PM</li> <li>Subject

OU = Software

CN = Microsoft Corporation

L = Washington

S = DC

C = US

OU = Digital ID Class 3 - Microsoft Software Validation v2

OU = www.verisign.com/repository/CPS Incorp. by Ref.,LIAB.LTD(c)96

OU = VeriSign Commercial Software Publishers CA

O = VeriSign, Inc.

L = Internet</li> <li>Public key

3081 8902 8181 009E 30E5 9341 8E11 0767 BABD C9C6 110A AB5A 4CD6 6D0C ADFA B30E A019 1C54 7FC5 2E29 CE7E DADE EB28 D5AD 1AB0 CAD5 B2F1 9B83 E23E 448F E997 2693 B36D 390C 6967 50B9 1498 7DA4 C342 66E3 8CFC DADB 89EC 9C6B 54DD 481C C4DD 2055 B7EA 2557 B6CE FCEB E087 62A1 85A9 1FCF F2FB 2094 9BDA E53D D6B9 80E9 06AF 31A6 CD7E B3CF B490 5502 0301 0001</li> <li>Basic Constraints

Subject Type=End Entity

Path Length Constraint=None</li> <li>Key Usage

Digital Signature, Key Encipherment(A0)</li> <li>Authority Key Identifier

KeyID=7B96 E4D1 43FD 6898 F338 CC6E 3BF2 0B82

Certificate Issuer:

OU=VeriSign Commercial Software Publishers CA

O=&quot;VeriSign, Inc.&quot;

L=Internet

Certificate SerialNumber=03C7 8F37 DB92 28DF 3CBB 1AAD 82FA 6710</li> <li>Basic Constraints

Subject Type=End Entity

Path Length Constraint=None</li> <li>Certificate Policies

[1]Certificate Policy:

PolicyIdentifier=2.16.840.1.113733.1.7.1.8

[1,1]Policy Qualifier Info:

Policy Qualifier Id=CPS

Qualifier:

https://www.verisign.com/rpa

</li> <li>SpcFinancialCriteria

Financial Information=Available

Meets Criteria=Yes</li> <li>Key Usage Restriction

[1]Cert PolicyId=1.3.6.1.4.1.311.2.1.22

Restricted Key Usage=Digital Signature(80)</li> <li>SpcSpAgencyInfo

Policy Information:

URL=https://www.verisign.com/repository/CPS

Policy Display=This certificate incorporates by reference, and its use is strictly subject to, the VeriSign Certification Practice Statement (CPS) version 1.0, available in the VeriSign repository at:

https://www.verisign.com; by E-mail at CPS-requests@verisign.com; or by mail at VeriSign, Inc., 2593 Coast Ave., Mountain View, CA 94043 USA Copyright (c)1996 VeriSign, Inc. All Rights Reserved. CERTAIN WARRANTIES DISCLAIMED AND LIABILITY LIMITED.

WARNING: THE USE OF THIS CERTIFICATE IS STRICTLY SUBJECT TO THE VERISIGN CERTIFICATION PRACTICE STATEMENT. THE ISSUING AUTHORITY DISCLAIMS CERTAIN IMPLIED AND EXPRESS WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND WILL NOT BE LIABLE FOR CONSEQUENTIAL, PUNITIVE, AND CERTAIN OTHER DAMAGES. SEE THE CPS FOR DETAILS.

Contents of the VeriSign registered nonverifiedSubjectAttributes extension value shall not be considered as accurate information validated by the IA.

Policy Logo Link:

URL=https://www.verisign.com/repository/verisignlogo.gif

</li> <li>Thumbprint algorithm

sha1</li> <li>Thumbprint

6371 62CC 59A3 A1E2 5956 FA5F A8F6 0D2E 1C52 EAC6</li></ul>

The Certification Path tab contains the following information:

Certification path

VeriSign Commercial Software Publishers CA

Microsoft Corporation

Additional query words: certs revoke yank remove get rid of verify examine look at review

Keywords: kbinfo kbwin95 kbwin98 kbwinme kbwin98se kb3rdparty KB293817

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.