Posted on Leave a comment

The Flame malware WuSetupV.exe certificate chain

First of all, be sure to read Our tech report on the Flame/Flamer/TheFlame/sKyWIper Malware.

As You already know, some Microsoft certificates were abused for flame malware MiTM installation method.
But take a look on the technical details of the certificate chain.

The actual code is signed by a series of certificates:

One interesting thing is that the program file was timestamped, too:

Ok, let’s see the certificates from top to down:


Certificate:
Data:
Version: 3 (0x2)
Serial Number:
c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Signature Algorithm: md5WithRSAEncryption
Issuer: OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
Validity
Not Before: Jan 10 07:00:00 1997 GMT
Not After : Dec 31 07:00:00 2020 GMT
Subject: OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a9:02:bd:c1:70:e6:3b:f2:4e:1b:28:9f:97:78:
5e:30:ea:a2:a9:8d:25:5f:f8:fe:95:4c:a3:b7:fe:
9d:a2:20:3e:7c:51:a2:9b:a2:8f:60:32:6b:d1:42:
64:79:ee:ac:76:c9:54:da:f2:eb:9c:86:1c:8f:9f:
84:66:b3:c5:6b:7a:62:23:d6:1d:3c:de:0f:01:92:
e8:96:c4:bf:2d:66:9a:9a:68:26:99:d0:3a:2c:bf:
0c:b5:58:26:c1:46:e7:0a:3e:38:96:2c:a9:28:39:
a8:ec:49:83:42:e3:84:0f:bb:9a:6c:55:61:ac:82:
7c:a1:60:2d:77:4c:e9:99:b4:64:3b:9a:50:1c:31:
08:24:14:9f:a9:e7:91:2b:18:e6:3d:98:63:14:60:
58:05:65:9f:1d:37:52:87:f7:a7:ef:94:02:c6:1b:
d3:bf:55:45:b3:89:80:bf:3a:ec:54:94:4e:ae:fd:
a7:7a:6d:74:4e:af:18:cc:96:09:28:21:00:57:90:
60:69:37:bb:4b:12:07:3c:56:ff:5b:fb:a4:66:0a:
08:a6:d2:81:56:57:ef:b6:3b:5e:16:81:77:04:da:
f6:be:ae:80:95:fe:b0:cd:7f:d6:a7:1a:72:5c:3c:
ca:bc:f0:08:a3:22:30:b3:06:85:c9:b3:20:77:13:
85:df
Exponent: 65537 (0x10001)
X509v3 extensions:
2.5.29.1:
0....[.p.ir.#Q~..M....r0p1+0)..U..."Copyright (c) 1997 Microsoft Corp.1.0...U....Microsoft Corporation1!0...U....Microsoft Root Authority......<<...>.c..@
Signature Algorithm: md5WithRSAEncryption
95:e8:0b:c0:8d:f3:97:18:35:ed:b8:01:24:d8:77:11:f3:5c:
60:32:9f:9e:0b:cb:3e:05:91:88:8f:c9:3a:e6:21:f2:f0:57:
93:2c:b5:a0:47:c8:62:ef:fc:d7:cc:3b:3b:5a:a9:36:54:69:
fe:24:6d:3f:c9:cc:aa:de:05:7c:dd:31:8d:3d:9f:10:70:6a:
bb:fe:12:4f:18:69:c0:fc:d0:43:e3:11:5a:20:4f:ea:62:7b:
af:aa:19:c8:2b:37:25:2d:be:65:a1:12:8a:25:0f:63:a3:f7:
54:1c:f9:21:c9:d6:15:f3:52:ac:6e:43:32:07:fd:82:17:f8:
e5:67:6c:0d:51:f6:bd:f1:52:c7:bd:e7:c4:30:fc:20:31:09:
88:1d:95:29:1a:4d:d5:1d:02:a5:f1:80:e0:03:b4:5b:f4:b1:
dd:c8:57:ee:65:49:c7:52:54:b6:b4:03:28:12:ff:90:d6:f0:
08:8f:7e:b8:97:c5:ab:37:2c:e4:7a:e4:a8:77:e3:76:a0:00:
d0:6a:3f:c1:d2:36:8a:e0:41:12:a8:35:6a:1b:6a:db:35:e1:
d4:1c:04:e4:a8:45:04:c8:5a:33:38:6e:4d:1c:0d:62:b7:0a:
a2:8c:d3:d5:54:3f:46:cd:1c:55:a6:70:db:12:3a:87:93:75:
9f:a7:d2:a0

Next level (2):

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
3a:ab:11:de:e5:2f:1b:19:d0:56
Signature Algorithm: md5WithRSAEncryption
Issuer: OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
Validity
Not Before: Dec 10 01:55:35 2009 GMT
Not After : Oct 23 08:00:00 2016 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Copyright (c) 1999 Microsoft Corp., CN=Microsoft Enforced Licensing Intermediate PCA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:fa:c9:3f:35:cb:b4:42:4c:19:a8:98:e2:f4:e6:
ca:c5:b2:ff:e9:29:25:63:9a:b7:eb:b9:28:2b:a7:
58:1f:05:df:d8:f8:cf:4a:f1:92:47:15:c0:b5:e0:
42:32:37:82:99:d6:4b:3a:5a:d6:7a:25:2a:9b:13:
8f:75:75:cb:9e:52:c6:65:ab:6a:0a:b5:7f:7f:20:
69:a4:59:04:2c:b7:b5:eb:7f:2c:0d:82:a8:3b:10:
d1:7f:a3:4e:39:e0:28:2c:39:f3:78:d4:84:77:36:
ba:68:0f:e8:5d:e5:52:e1:6c:e2:78:d6:d7:c6:b9:
dc:7b:08:44:ad:7d:72:ee:4a:f4:d6:5a:a8:59:63:
f4:a0:ee:f3:28:55:7d:2b:78:68:2e:79:b6:1d:e6:
af:69:8a:09:ba:39:88:b4:92:65:0d:12:17:09:ea:
2a:a4:b8:4a:8e:40:f3:74:de:a4:74:e5:08:5a:25:
cc:80:7a:76:2e:ee:ff:21:4e:b0:65:6c:64:50:5c:
ad:8f:c6:59:9b:07:3e:05:f8:e5:92:cb:d9:56:1d:
30:0f:72:f0:ac:a8:5d:43:41:ff:c9:fd:5e:fa:81:
cc:3b:dc:f0:fd:56:4c:21:7c:7f:5e:ed:73:30:3a:
3f:f2:e8:93:8b:d5:f3:cd:0e:27:14:49:67:94:ce:
b9:25
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Extended Key Usage:
Code Signing, 1.3.6.1.4.1.311.10.6.1, 1.3.6.1.4.1.311.10.6.2
2.5.29.1:
0....[.p.ir.#Q~..M....r0p1+0)..U..."Copyright (c) 1997 Microsoft Corp.1.0...U....Microsoft Corporation1!0...U....Microsoft Root Authority......<<...>.c..@
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
6A:97:E0:C8:9F:F4:49:B4:89:24:B3:E3:D1:A8:22:86:AA:D4:94:43
X509v3 Key Usage:
Digital Signature, Certificate Sign, CRL Sign
Signature Algorithm: md5WithRSAEncryption
5d:2b:68:a5:e2:da:c7:2b:5c:77:ec:ea:0e:1f:e3:8e:41:57:
60:b4:8f:3f:a2:88:d2:0f:77:1a:92:9f:37:59:bb:15:97:dc:
a8:73:56:60:87:e3:3d:bc:b4:e1:10:64:2d:c8:b8:d6:81:00:
06:89:1f:96:41:ac:05:1a:ca:78:00:d9:db:5f:b6:f9:71:87:
8e:04:7b:fa:78:f2:1e:2f:df:8b:b3:04:fe:7a:cc:ef:af:5e:
98:da:1d:ad:94:95:74:b0:d9:87:97:58:1c:4f:a4:82:c7:f9:
b3:ae:09:06:12:7e:cb:fd:22:6a:94:99:4a:c3:b9:32:44:87:
bc:bf:f7:7c:60:6c:88:cc:c0:fd:b6:5c:14:19:71:31:5f:99:
d2:db:a7:0c:9d:c2:75:9d:ba:ed:b1:88:6c:52:1b:42:5a:2d:
b0:e3:13:04:78:ff:51:d7:58:e7:18:c0:01:8c:f8:43:12:a8:
9d:8c:b5:81:f3:70:a0:ad:19:c6:e4:e4:44:e5:55:05:50:d3:
88:40:65:aa:d0:02:0e:00:4d:84:bb:6a:39:0c:6d:88:f1:1e:
d6:95:72:34:70:9b:c5:a6:6f:66:bc:94:14:df:34:ff:e4:63:
3a:93:31:13:de:a0:2c:7a:73:68:7c:0e:44:98:a0:a8:37:3e:
2e:3a:5b:22

Level 3:

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:1a:02:b7:00:02:00:00:00:12
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Copyright (c) 1999 Microsoft Corp., CN=Microsoft Enforced Licensing Intermediate PCA
Validity
Not Before: Dec 11 00:03:58 2009 GMT
Not After : Oct 23 08:00:00 2016 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Copyright (c) 2003 Microsoft Corp., CN=Microsoft Enforced Licensing Registration Authority CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:8e:98:07:ed:46:50:30:aa:8a:95:5e:36:7f:bc:
71:30:a1:1d:49:cf:e7:96:ff:2f:9a:09:16:12:f0:
98:31:55:45:52:40:63:7d:57:67:46:a2:2b:08:98:
6d:9b:c6:69:25:40:87:49:e7:01:37:84:00:1d:69:
9d:85:2f:e1:a0:2c:27:83:4c:75:60:8b:2c:eb:f9:
90:8e:5e:4a:8f:fd:d3:5b:8c:89:c8:0f:f8:cf:2e:
9f:3c:8a:3d:41:cc:b6:84:0c:9c:73:97:46:dd:52:
26:12:a5:44:8d:df:0a:50:1f:4a:79:dc:e3:19:3c:
ef:ed:82:c9:89:14:91:fd:99:69:a4:f2:8a:a6:c8:
8e:bd:38:3b:80:30:8a:59:c8:a0:ab:de:71:44:1b:
24:f9:b9:a1:8f:19:9d:fd:19:b4:69:16:17:a2:23:
31:a7:11:12:65:cd:c0:9d:78:5d:42:e5:95:8e:13:
2f:ac:f8:00:87:6e:96:ef:73:d4:0f:7e:3c:9f:81:
47:d0:1f:8f:79:1d:3c:3f:cb:ae:34:22:d6:cd:fc:
21:80:35:11:0d:a9:90:cc:55:b4:65:fc:2d:37:7d:
80:7a:97:ee:5b:4a:c5:3e:8b:03:aa:ae:4d:22:37:
66:70:84:1c:69:c5:d7:97:9a:8f:1e:3a:b2:24:84:
8f:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Key Identifier:
B4:A1:D8:DE:FB:0E:C4:CB:9D:9F:06:CF:36:0D:91:1A:F8:9F:5B:E3
X509v3 Key Usage:
Digital Signature, Non Repudiation, Certificate Sign, CRL Sign
1.3.6.1.4.1.311.21.1:
.....
1.3.6.1.4.1.311.21.2:
....x8g.).k/.T..p_....
1.3.6.1.4.1.311.20.2:
.
.S.u.b.C.A
X509v3 Authority Key Identifier:
keyid:6A:97:E0:C8:9F:F4:49:B4:89:24:B3:E3:D1:A8:22:86:AA:D4:94:43

        X509v3 CRL Distribution Points:
            Full Name:
              URI:http://crl.microsoft.com/pki/crl/products/MicEnfLicPCA_12-10-09.crl
        X509v3 Extended Key Usage:
            Code Signing, 1.3.6.1.4.1.311.10.6.2
        1.3.6.1.4.1.311.2.1.10: critical
            0....).'https://www.microsoft.com/repository/CPS........This certificate incorporates by reference, and its use is strictly

subject to, the Microsoft Certification Practice Statement (CPS)
version 2.0, available in the Microsoft repository at:
https://www.microsoft.com; by E-mail at CPS-requests@microsoft.com; or
by mail at Microsoft Corp, dept. CPS,1 Microsoft Way,Redmond, WA 98052
USA Copyright (c)1999 Microsoft Corp. All Rights Reserved. CERTAIN
WARRANTIES DISCLAIMED AND LIABILITY LIMITED.

WARNING: THE USE OF THIS CERTIFICATE IS STRICTLY SUBJECT TO THE
VERISIGN CERTIFICATION PRACTICE STATEMENT. THE ISSUING AUTHORITY
DISCLAIMS CERTAIN IMPLIED AND EXPRESS WARRANTIES, INCLUDING WARRANTIES
OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, AND WILL NOT
BE LIABLE FOR CONSEQUENTIAL, PUNITIVE, AND CERTAIN OTHER DAMAGES. SEE
THE CPS FOR DETAILS.

Contents of the Microsoft registered nonverifiedSubjectAttributes
extension value shall not be considered as accurate information
validated by the IA.
.6.4https://www.microsoft.com/repository/mscpslogo.gif
Signature Algorithm: md5WithRSAEncryption
24:ab:ed:f7:72:44:44:98:71:f6:d1:b9:b5:69:e0:ef:1c:b0:
4c:04:98:0f:bf:4c:a9:74:47:b0:84:a1:48:e2:81:b3:ea:e1:
c9:53:92:53:11:c8:45:ba:88:76:68:cd:dc:be:f3:a0:65:80:
76:d7:93:03:69:8d:c7:bc:7a:ae:89:7c:df:12:10:0a:a6:29:
a6:d4:e5:9b:55:ab:ca:ec:4b:d9:c1:28:37:d0:d6:71:38:6d:
5e:75:fd:66:ab:2a:c0:b9:24:6f:9e:42:33:0f:71:b4:6e:a6:
f7:ba:23:1a:74:ed:cd:b1:ae:0a:32:a8:5c:26:16:fa:31:76:
23:e8:a7:24:80:f1:de:45:b5:42:bd:f1:58:08:8f:e2:f2:70:
86:2e:13:83:24:de:50:88:88:c0:23:32:59:74:fa:7a:5f:73:
d7:63:bd:58:9d:c0:68:b0:53:21:71:50:45:b8:27:cf:3c:e5:
64:fb:7c:13:8b:c1:01:3e:90:d9:43:f7:3e:cc:19:16:b3:b6:
16:8f:27:7a:f9:46:ed:8a:da:e7:c5:91:c2:c8:2a:08:21:5a:
b8:7a:88:4e:a6:2a:a5:f7:ed:20:01:14:48:56:df:57:7d:6f:
bf:95:75:18:29:17:19:84:a3:13:61:54:82:c3:55:58:3d:83:
a3:90:75:aa

Level 4:

Certificate:
Data:
Version: 3 (0x2)
Serial Number:
61:03:73:c5:00:01:00:00:00:1a
Signature Algorithm: md5WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Copyright (c) 2003 Microsoft Corp., CN=Microsoft Enforced Licensing Registration Authority CA
Validity
Not Before: Feb 19 21:48:39 2010 GMT
Not After : Feb 19 21:48:39 2012 GMT
Subject: DC=com, DC=microsoft, DC=extranet, DC=partners, CN=Microsoft LSRA PA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:d7:27:32:63:50:bc:ca:67:6c:44:c2:08:0a:fb:
aa:e8:25:ff:e5:a8:f3:32:53:0b:53:af:b7:29:cc:
2c:91:34:01:f1:52:59:55:73:df:56:2c:25:ae:41:
d1:2a:de:09:d1:90:41:bf:2c:c7:6d:e6:1b:0d:5c:
1f:c4:62:06:1f:72:6a:fc:a6:d7:19:57:c1:06:42:
35:50:78:ec:6d:a2:13:b0:90:9d:0c:9d:d8:5f:b7:
bf:f0:cc:b1:a9:b8:c1:f7:b9:a9:e3:14:c6:9a:bb:
6a:8c:c8:6f:bb:c4:e6:3b:de:c3:16:25:cf:76:d4:
7c:e5:88:80:e9:4e:27:6d:b9:c6:fb:a6:6e:b0:65:
15:e3:4d:b3:1b:e9:ac:fa:87:37:8a:e9:81:d1:4e:
49:26:b8:26:72:3d:bf:cc:cb:d3:9c:55:cf:a9:2b:
4b:22:78:44:85:0b:04:ee:09:84:bb:65:c4:31:8a:
83:3b:fa:53:98:a1:fd:a1:f4:4c:71:4c:e9:15:87:
2b:13:ef:dc:d6:52:84:ed:1c:e5:35:4a:22:2c:14:
84:6b:f2:8a:ef:9b:f6:d3:75:ce:6d:0e:81:1f:6d:
df:22:ee:b3:ec:01:36:d8:ff:68:ff:4e:ba:75:d5:
4e:18:e6:b4:00:7e:b9:a3:ee:31:2e:4e:a0:0c:e5:
21:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:TRUE, pathlen:0
X509v3 Subject Key Identifier:
75:E8:03:58:5D:FB:65:E4:D9:A6:AC:17:B6:03:7E:47:AD:2E:81:AF
X509v3 Key Usage:
Digital Signature, Certificate Sign, CRL Sign
1.3.6.1.4.1.311.21.1:
...
1.3.6.1.4.1.311.20.2:
.
.S.u.b.C.A
X509v3 Authority Key Identifier:
keyid:B4:A1:D8:DE:FB:0E:C4:CB:9D:9F:06:CF:36:0D:91:1A:F8:9F:5B:E3

        X509v3 CRL Distribution Points:
            Full Name:
              URI:http://crl.microsoft.com/pki/crl/products/MicEnfLicRegAutCA_2009-12-10.crl
              URI:http://www.microsoft.com/pki/crl/products/MicEnfLicRegAutCA_2009-12-10.crl
        Authority Information Access:
            CA Issuers - URI:http://www.microsoft.com/pki/certs/MicEnfLicRegAutCA_2009-12-10.crt
Signature Algorithm: md5WithRSAEncryption
     5c:b5:59:bb:13:8c:dc:55:00:48:24:53:8d:fe:09:69:eb:8e:
     5e:f9:79:6d:92:33:7a:f2:29:7f:61:1d:c7:fe:4c:f0:1b:5a:
     ad:ff:6c:36:bc:20:0a:03:31:6a:6e:a0:ac:6b:27:c8:99:9c:
     5d:29:80:a5:c0:61:42:2f:b5:0a:f3:2e:69:b3:6f:3e:64:e1:
     33:5b:03:7b:f1:b7:c9:24:a0:40:91:29:22:07:52:1b:52:39:
     b7:49:c8:16:f9:e2:e4:54:a7:67:47:64:86:fc:c6:cf:32:b9:
     91:49:30:66:0e:9f:a6:d7:6c:e0:48:7e:11:65:42:48:fb:0e:
     09:09:3a:aa:48:e6:ee:5c:0c:51:40:58:19:8b:4c:26:92:ee:
     c8:55:93:40:20:91:d4:dc:33:dd:d2:e6:1c:12:d6:72:bb:c0:
     ad:53:2f:f8:99:43:11:4a:6c:dc:a1:f4:0c:5a:21:b5:05:ea:
     ac:e8:50:1f:29:04:c9:81:c7:8e:95:2c:7c:72:4f:78:e9:c5:
     4c:c4:8e:c8:db:ee:09:10:7b:5b:38:c9:b3:b9:18:ad:87:f6:
     1b:98:25:da:1a:56:61:76:c9:12:7c:98:1a:06:f0:a0:86:38:
     6a:25:0f:5d:b9:1f:7f:c0:85:6a:aa:69:fb:23:91:ca:41:8a:
     0c:19:44:5c

And the final step:

Certificate:
Data:
Version: 3 (0x2)
Serial Number: 7038 (0x1b7e)
Signature Algorithm: md5WithRSAEncryption
Issuer: DC=com, DC=microsoft, DC=extranet, DC=partners, CN=Microsoft LSRA PA
Validity
Not Before: Feb 19 21:48:39 2010 GMT
Not After : Feb 19 21:48:39 2012 GMT
Subject: CN=MS
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:a6:89:43:6f:c6:ca:9d:42:ad:bd:28:d5:46:49:
e0:55:f2:cc:38:e0:3d:c0:7c:ba:1d:ca:bb:92:c4:
be:4c:5f:1a:f9:d6:42:4b:34:0b:2f:8a:ac:cb:97:
31:ef:76:2f:c3:85:af:95:93:47:46:f6:ff:7c:ca:
df:c8:f9:d0:6a:ec:df:0e:91:55:23:ab:64:06:90:
d3:37:83:a8:0e:3e:5e:7f:77:35:66:74:20:87:42:
1f:25:17:8a:d5:28:05:38:05:c8:48:6d:63:76:3e:
fd:5a:11:67:07:09:6d:98:a3:08:4a:f1:11:7f:80:
a7:4e:37:d4:f0:0e:34:7a:d5:ba:83:ad:60:1e:57:
44:65:50:72:cd:af:1e:d0:1e:30:c2:eb:6a:51:e2:
aa:54:85:57:fa:9c:b1:59:e8:24:5e:d4:38:d3:56:
81:68:d5:05:8b:48:25:92:a2:11:1b:e8:51:54:d9:
d9:04:60:ee:1c:fb:6a:ec:f0:6e:38:bb:ad:da:35:
87:63:74:86:ef:1f:cd:80:92:a2:98:3a:97:9a:bd:
35:d1:7d:2e:3a:47:04:48:17:74:db:a3:67:d9:82:
78:e0:77:2c:cc:ac:39:61:a6:d8:9d:aa:fc:de:6f:
60:4c:7c:73:07:31:93:2f:67:28:4a:7e:d1:ae:4c:
42:dd
Exponent: 65537 (0x10001)
Signature Algorithm: md5WithRSAEncryption
00:4a:ab:73:72:83:71:31:a8:04:a4:d5:27:cf:cc:5a:ca:76:
ca:67:4c:05:58:4b:b7:07:e8:94:04:86:a5:10:00:50:34:a1:
71:fe:5d:fd:9b:4b:29:7f:5c:ca:52:c7:8b:c0:7d:49:c9:8b:
23:e1:5d:f3:8a:c3:25:ab:48:07:3f:f5:f4:ef:77:dc:46:d2:
b2:97:0b:c9:7e:bb:af:29:5f:ec:de:40:2b:e8:bb:e5:12:b5:
f7:4d:71:7b:94:35:50:57:e8:fb:ee:67:f3:85:db:ed:d6:64:
78:f1:7c:71:70:75:02:17:68:66:49:bb:29:5c:e5:f2:4a:e3:
ca:dc:8c:f6:6d:62:9c:d0:5f:e6:3e:b1:e1:e5:cd:87:1d:7e:
97:e2:d8:4e:11:7b:8a:4b:56:79:9d:fb:04:ff:80:ca:01:af:
36:ac:c8:20:0e:d7:49:14:10:4f:e7:3c:64:ac:30:dd:d1:4c:
5c:35:ef:16:bf:6f:74:bb:19:fd:26:24:b1:12:c5:05:44:a9:
1f:42:6b:1f:96:0d:c9:4a:38:b5:00:8d:b3:64:fa:68:fe:d1:
aa:ce:8c:f7:20:50:d1:17:70:b3:90:85:7f:72:48:c2:d3:03:
c3:e7:bc:f4:0f:63:01:a0:71:b7:a7:ec:d6:b9:48:17:dd:a1:
43:a2:b9:96

So from http://technet.microsoft.com/en-us/security/advisory/2718704 Advisory we know
that

  • Microsoft Enforced Licensing Intermediate PCA (2 certificates)
  • Microsoft Enforced Licensing Registration Authority CA (SHA1)

were revoked.

The exact list can be found at http://blogs.technet.com/b/srd/ as follows:

Certificate Issued by Thumbprint
Microsoft Enforced Licensing Intermediate PCA Microsoft Root Authority 2a 83 e9 02 05 91 a5 5f c6 dd ad 3f b1 02 79 4c 52 b2 4e 70
Microsoft Enforced Licensing Intermediate PCA Microsoft Root Authority 3a 85 00 44 d8 a1 95 cd 40 1a 68 0c 01 2c b0 a3 b5 f8 dc 08
Microsoft Enforced Licensing Registration Authority CA (SHA1) Microsoft Root Certificate Authority fa 66 60 a9 4a b4 5f 6a 88 c0 d7 87 4d 89 a8 63 d7 4d ee 97

For the certificate chain above, Level 2 certificate is the certificate referred in the latter table in row number 1. The other two certificates might have been revoked for precaution.
level 3.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

What is 13 + 2 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)