How to Recognize Erroneously Issued VeriSign Code-Signing Certificates (293817)



The information in this article applies to:

  • Microsoft Windows NT Server 4.0 Terminal Server Edition SP4
  • Microsoft Windows NT Server 4.0 Terminal Server Edition SP5
  • Microsoft Windows NT Server 4.0 Terminal Server Edition SP6
  • Microsoft Windows 2000 Server SP1
  • Microsoft Windows 2000 Advanced Server SP1
  • Microsoft Windows 2000 Professional SP1
  • Microsoft Windows NT Server 4.0
  • Microsoft Windows NT Server 4.0 SP1
  • Microsoft Windows NT Server 4.0 SP2
  • Microsoft Windows NT Server 4.0 SP3
  • Microsoft Windows NT Server 4.0 SP4
  • Microsoft Windows NT Server 4.0 SP5
  • Microsoft Windows NT Server 4.0 SP6a
  • Microsoft Windows NT Server, Enterprise Edition 4.0
  • Microsoft Windows NT Server, Enterprise Edition 4.0 SP4
  • Microsoft Windows NT Server, Enterprise Edition 4.0 SP5
  • Microsoft Windows NT Server, Enterprise Edition 4.0 SP6a
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows NT Workstation 4.0 SP1
  • Microsoft Windows NT Workstation 4.0 SP2
  • Microsoft Windows NT Workstation 4.0 SP3
  • Microsoft Windows NT Workstation 4.0 SP4
  • Microsoft Windows NT Workstation 4.0 SP5
  • Microsoft Windows NT Workstation 4.0 SP6a
  • Microsoft Windows Millennium Edition
  • Microsoft Windows 98 Second Edition
  • Microsoft Windows 98
  • Microsoft Windows 95

This article was previously published under Q293817

SUMMARY

In early March 2001, VeriSign, Inc. announced that it had issued two digital certificates to an individual who fraudulently claimed to be a Microsoft employee. This issue is discussed at length in Microsoft Security Bulletin MS01-017. This article provides information that you can use to recognize these certificates.

For additional information about this issue, click the article number below to view the article in the Microsoft Knowledge Base:

293818 Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard

For additional information about how to revoke these certificates' trusted status, click the article number below to view the article in the Microsoft Knowledge Base:

293816 How to Determine Whether You Have Accepted Trust for Fraudulent VeriSign-Issued Certificates

For additional information about how to remove the VeriSign Commercial Software Publishers certification authority (CA) from the trusted store, click the article number below to view the article in the Microsoft Knowledge Base:

293819 How to Remove a Root Certificate from the Trusted Root Store

For additional information about how to obtain a tool to revoke these fraudulent certificates, click the article number below to view the article in the Microsoft Knowledge Base:

293811 Update Available to Revoke Fraudulent Microsoft Certificates Issued by VeriSign

MORE INFORMATION

These certificates are untrusted by default, even if you have previously chosen to trust content from Microsoft; therefore, you always receive a warning dialog box if you encounter these certificates. Click Microsoft Corporation on this warning dialog box to identify these certificates. Microsoft recommends against running any content that is signed with these certificates.

Fraudulent Certificate 1

The first fraudulent certificate can be uniquely identified by the following properties on the Details tab:
  • Serial Number: 750E 40FF 97F0 47ED F556 C708 4EB1 ABFD
  • Issuer: OU = VeriSign Commercial Software Publishers CA
    O = VeriSign, Inc.
    L = Internet
  • Thumbprint: 7D7F 4414 CCEF 168A DF6B F407 53B5 BECD 7837 5931

Fraudulent Certificate 2

The second fraudulent certificate can be uniquely identified by the following properties on the Details tab:
  • Serial Number: 1B51 90F7 3724 399C 9254 CD42 4637 996A
  • Issuer: OU = VeriSign Commercial Software Publishers CA
    O = VeriSign, Inc.
    L = Internet
  • Thumbprint: 6371 62CC 59A3 A1E2 5956 FA5F A8F6 0D2E 1C52 EAC6
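
The serial number and thumbprint check described above can also be applied in bulk to signed files and certificate stores. The following PowerShell is an added example, not part of the original article or of Microsoft's revocation tool; it assumes a current Windows system with PowerShell, and the function names `ConvertTo-BareHex`, `Get-FraudulentMatch` and `Find-FraudulentVeriSignCert` are hypothetical.

```powershell
# Identifiers copied from this article; the spaces are display grouping only.
$Fraudulent = @(
    @{ Name       = 'Fraudulent Certificate 1'
       Serial     = '750E 40FF 97F0 47ED F556 C708 4EB1 ABFD'
       Thumbprint = '7D7F 4414 CCEF 168A DF6B F407 53B5 BECD 7837 5931' },
    @{ Name       = 'Fraudulent Certificate 2'
       Serial     = '1B51 90F7 3724 399C 9254 CD42 4637 996A'
       Thumbprint = '6371 62CC 59A3 A1E2 5956 FA5F A8F6 0D2E 1C52 EAC6' }
)
$IssuerOU = 'VeriSign Commercial Software Publishers CA'

# Reduce any hex rendering (spaces, colons, lower case, pasted invisible
# characters) to bare upper-case hex so comparisons are exact.
function ConvertTo-BareHex([string]$Value) {
    ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

# Return the article's name for a matching certificate, or $null.
function Get-FraudulentMatch {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    if ($null -eq $Cert) { return $null }
    $thumb  = ConvertTo-BareHex $Cert.Thumbprint
    $serial = ConvertTo-BareHex $Cert.SerialNumber
    foreach ($f in $Fraudulent) {
        # The SHA-1 thumbprint identifies the exact certificate; serial numbers
        # are only unique per issuer, so pair the serial with the issuer.
        if ($thumb -eq (ConvertTo-BareHex $f.Thumbprint)) { return $f.Name }
        if ($serial -eq (ConvertTo-BareHex $f.Serial) -and
            $Cert.Issuer -like "*$IssuerOU*") { return $f.Name }
    }
    return $null
}

# Hypothetical entry point: check signed files under -Path, then every store.
function Find-FraudulentVeriSignCert {
    param([string]$Path = '.')
    Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            $hit = Get-FraudulentMatch $sig.SignerCertificate
            if ($hit) { [pscustomobject]@{ Match = $hit; Location = $_.FullName } }
        }
    Get-ChildItem -Path Cert:\ -Recurse |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $hit = Get-FraudulentMatch $_
            if ($hit) { [pscustomobject]@{ Match = $hit; Location = $_.PSPath } }
        }
}
```

After loading the functions, run `Find-FraudulentVeriSignCert -Path <folder>` against the folder you want to check. A match whose location is a `Disallowed` store means the certificate is already explicitly distrusted there; a match on a file means that file carries a signature from one of the two certificates.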

Complete Details of Fraudulent Certificates

For your reference, the complete details of these fraudulent certificates are provided in the following sections.

Fraudulent Certificate 1

The General tab contains the following information:

Certificate Information

This certificate is intended for the following purpose(s):

  • Ensures software came from software publisher
  • Protects software from alteration after publication

* Refer to the certification authority's statement for details.

Issued to: Microsoft Corporation

Issued by: VeriSign Commercial Software Publishers CA

Valid from 1/30/2001 to 1/31/2002

The Details tab contains the following information:

Show: <All>

  • Version
    V3
  • Serial number
    750E 40FF 97F0 47ED F556 C708 4EB1 ABFD
  • Signature algorithm
    md5RSA
  • Issuer
    OU = VeriSign Commercial Software Publishers CA
    O = VeriSign, Inc.
    L = Internet
  • Valid from
    Tuesday, January 30, 2001 7:00:00 PM
  • Valid to
    Thursday, January 31, 2002 6:59:59 PM
  • Subject
    OU = Microsoft Corporation
    CN = Microsoft Corporation
    L = Redmond
    S = Washington
    C = US
    OU = Digital ID Class 3 - Microsoft Software Validation v2
    OU = www.verisign.com/repository/CPS Incorp. by Ref.,LIAB.LTD(c)96
    OU = VeriSign Commercial Software Publishers CA
    O = VeriSign, Inc.
    L = Internet
  • Public key
    3081 8902 8181 00EE FA1F C9B0 43DF 7E75 814E 3171 910B FC15 9DD9 4A8A 51F5 0918 C67C C5F1 27C4 0162 FCBF FC84 29A6 2FE6 1E02 060B 9689 D342 B173 9F02 AE75 6209 3F83 8034 4660 390A E321 4EE7 0442 D57E 5E98 4527 5D04 B927 32C0 65A4 9485 1325 DB16 F2FB 51C7 FF28 62D1 8331 4FA9 A4F4 C54F 9D00 2E14 3F95 169C 4E25 071B D57D 3871 D840 F8AA 7102 0301 0001
  • Basic Constraints
    Subject Type=End Entity
    Path Length Constraint=None
  • Key Usage
    Digital Signature , Key Encipherment(A0)
  • Authority Key Identifier
    KeyID=7B96 E4D1 43FD 6898 F338 CC6E 3BF2 0B82
    Certificate Issuer:

    OU=VeriSign Commercial Software Publishers CA
    O="VeriSign, Inc."
    L=Internet

    Certificate SerialNumber=03C7 8F37 DB92 28DF 3CBB 1AAD 82FA 6710
  • Basic Constraints
    Subject Type=End Entity
    Path Length Constraint=None
  • Certificate Policies
    [1]Certificate Policy:

    PolicyIdentifier=2.16.840.1.113733.1.7.1.8
    [1,1]Policy Qualifier Info:
    Policy Qualifier Id=CPS
    Qualifier:

    https://www.verisign.com/rpa
  • SpcFinancialCriteria
    Financial Information=Available
    Meets Criteria=Yes
  • Key Usage Restriction
    [1]Cert PolicyId=1.3.6.1.4.1.311.2.1.22
    Restricted Key Usage=Digital Signature(80)
  • SpcSpAgencyInfo
    Policy Information:

    URL=https://www.verisign.com/repository/CPS

    Policy Display=This certificate incorporates by reference, and its use is strictly subject to, the VeriSign Certification Practice Statement (CPS) version 1.0, available in the VeriSign repository at:
    https://www.verisign.com; by E-mail at CPS-requests@verisign.com; or by mail at VeriSign, Inc., 2593 Coast Ave., Mountain View, CA 94043 USA Copyright (c)1996 VeriSign, Inc. All Rights Reserved. CERTAIN WARRANTIES DISCLAIMED AND LIABILITY LIMITED.

    WARNING: THE USE OF THIS CERTIFICATE IS STRICTLY SUBJECT TO THE VERISIGN CERTIFICATION PRACTICE STATEMENT. THE ISSUING AUTHORITY DISCLAIMS CERTAIN IMPLIED AND EXPRESS WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND WILL NOT BE LIABLE FOR CONSEQUENTIAL, PUNITIVE, AND CERTAIN OTHER DAMAGES. SEE THE CPS FOR DETAILS.

    Contents of the VeriSign registered nonverifiedSubjectAttributes extension value shall not be considered as accurate information validated by the IA.

    Policy Logo Link:

    URL=https://www.verisign.com/repository/verisignlogo.gif

  • Thumbprint algorithm
    sha1
  • Thumbprint
    7D7F 4414 CCEF 168A DF6B F407 53B5 BECD 7837 5931

The Certification Path tab contains the following information:

Certification path

VeriSign Commercial Software Publishers CA

Microsoft Corporation

Fraudulent Certificate 2

The General tab contains the following information:

Certificate Information

This certificate is intended for the following purpose(s):

  • Ensures software came from software publisher
  • Protects software from alteration after publication

* Refer to the certification authority's statement for details.

Issued to: Microsoft Corporation

Issued by: VeriSign Commercial Software Publishers CA

Valid from 1/29/2001 to 1/30/2002

The Details tab contains the following information:

Show: <All>

  • Version
    V3
  • Serial number
    1B51 90F7 3724 399C 9254 CD42 4637 996A
  • Signature algorithm
    md5RSA
  • Issuer
    OU = VeriSign Commercial Software Publishers CA
    O = VeriSign, Inc.
    L = Internet
  • Valid from
    Monday, January 29, 2001 7:00:00 PM
  • Valid to
    Wednesday, January 30, 2002 6:59:59 PM
  • Subject
    OU = Software
    CN = Microsoft Corporation
    L = Washington
    S = DC
    C = US
    OU = Digital ID Class 3 - Microsoft Software Validation v2
    OU = www.verisign.com/repository/CPS Incorp. by Ref.,LIAB.LTD(c)96
    OU = VeriSign Commercial Software Publishers CA
    O = VeriSign, Inc.
    L = Internet
  • Public key
    3081 8902 8181 009E 30E5 9341 8E11 0767 BABD C9C6 110A AB5A 4CD6 6D0C ADFA B30E A019 1C54 7FC5 2E29 CE7E DADE EB28 D5AD 1AB0 CAD5 B2F1 9B83 E23E 448F E997 2693 B36D 390C 6967 50B9 1498 7DA4 C342 66E3 8CFC DADB 89EC 9C6B 54DD 481C C4DD 2055 B7EA 2557 B6CE FCEB E087 62A1 85A9 1FCF F2FB 2094 9BDA E53D D6B9 80E9 06AF 31A6 CD7E B3CF B490 5502 0301 0001
  • Basic Constraints
    Subject Type=End Entity
    Path Length Constraint=None
  • Key Usage
    Digital Signature , Key Encipherment(A0)
  • Authority Key Identifier
    KeyID=7B96 E4D1 43FD 6898 F338 CC6E 3BF2 0B82
    Certificate Issuer:

    OU=VeriSign Commercial Software Publishers CA
    O="VeriSign, Inc."
    L=Internet

    Certificate SerialNumber=03C7 8F37 DB92 28DF 3CBB 1AAD 82FA 6710
  • Basic Constraints
    Subject Type=End Entity
    Path Length Constraint=None
  • Certificate Policies
    [1]Certificate Policy:

    PolicyIdentifier=2.16.840.1.113733.1.7.1.8
    [1,1]Policy Qualifier Info:
    Policy Qualifier Id=CPS
    Qualifier:

    https://www.verisign.com/rpa
  • SpcFinancialCriteria
    Financial Information=Available
    Meets Criteria=Yes
  • Key Usage Restriction
    [1]Cert PolicyId=1.3.6.1.4.1.311.2.1.22
    Restricted Key Usage=Digital Signature(80)
  • SpcSpAgencyInfo
    Policy Information:

    URL=https://www.verisign.com/repository/CPS

    Policy Display=This certificate incorporates by reference, and its use is strictly subject to, the VeriSign Certification Practice Statement (CPS) version 1.0, available in the VeriSign repository at:
    https://www.verisign.com; by E-mail at CPS-requests@verisign.com; or by mail at VeriSign, Inc., 2593 Coast Ave., Mountain View, CA 94043 USA Copyright (c)1996 VeriSign, Inc. All Rights Reserved. CERTAIN WARRANTIES DISCLAIMED AND LIABILITY LIMITED.

    WARNING: THE USE OF THIS CERTIFICATE IS STRICTLY SUBJECT TO THE VERISIGN CERTIFICATION PRACTICE STATEMENT. THE ISSUING AUTHORITY DISCLAIMS CERTAIN IMPLIED AND EXPRESS WARRANTIES, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND WILL NOT BE LIABLE FOR CONSEQUENTIAL, PUNITIVE, AND CERTAIN OTHER DAMAGES. SEE THE CPS FOR DETAILS.

    Contents of the VeriSign registered nonverifiedSubjectAttributes extension value shall not be considered as accurate information validated by the IA.

    Policy Logo Link:

    URL=https://www.verisign.com/repository/verisignlogo.gif

  • Thumbprint algorithm
    sha1
  • Thumbprint
    6371 62CC 59A3 A1E2 5956 FA5F A8F6 0D2E 1C52 EAC6

The Certification Path tab contains the following information:

Certification path

VeriSign Commercial Software Publishers CA

Microsoft Corporation


Modification Type: Minor
Last Reviewed: 12/20/2004
Keywords:kb3rdparty kbinfo kbWin95 kbWin98 kbWin98SE kbWinME KB293817