none
Inadvertently Disclosed Digital Certificates Could Allow Spoofing fix for Windows server 2012R2 RRS feed

  • Question

  • Security team has been highlighted below 3 Medium vulnerabilities in Windows server 2012 R2.


    MS KB3097966: Inadvertently Disclosed Digital Certificates Could Allow Spoofing

    MS KB3123040: Improperly Issued Digital Certificates Could Allow Spoofing

    MS KB3119884: Improperly Issued Digital Certificates Could Allow Spoofing





    Thursday, August 15, 2019 9:06 AM

All replies

  • Hi Team,

    Please help me on above query. Any fix released by Microsoft for above Vulnerabilities in Windows server 2012 R2.

    Regards,

    Mithun N

    Thursday, August 15, 2019 11:06 AM
  • MS KB3097966: Inadvertently Disclosed Digital Certificates Could Allow Spoofing

    https://support.microsoft.com/en-us/help/3097966/microsoft-security-advisory-inadvertently-disclosed-digital-certificat

    MS KB3123040: Improperly Issued Digital Certificates Could Allow Spoofing

    https://docs.microsoft.com/en-us/security-updates/securityadvisories/2015/3123040

    MS KB3119884: Improperly Issued Digital Certificates Could Allow Spoofing

    https://docs.microsoft.com/en-us/security-updates/securityadvisories/2015/3119884

    Thursday, August 15, 2019 4:37 PM
  • Hi,

    Thank you for your reply. But I am facing below issue while fixing the issue.

    KB3097966 - Showing patch is not applicable for this Server.

    KB3123040 - customers do not need to take any action as these systems and devices will be automatically protected.

    KB3119884- customers do not need to take any action as these systems and devices will be automatically protected.

    Please advice, Nessus scanning result showing above vulnerability.

    Regards,

    Mithun

    Tuesday, August 20, 2019 6:36 AM
  • Hello mithun,

    Thank you for posting in our TechNet forum.

    Because the above vulnerability we provided is detected by the Nessus scanner, we can try to consult the technical support department of Nessus scanner for the meaning of the above vulnerability.

    Thank you for your understanding and support.


    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 21, 2019 2:25 AM
    Moderator
  • Hi Daisy,

    I have check with Nessus Tech Team. Our servers are not connected to internet. Servers will not update automatically.

    They are recommending to install offline package for these KBs. Kindly Advice if there is any Offline package available.

    Regards,

    Mithun

    Wednesday, August 21, 2019 5:07 AM
  • Hi,
    For the above three KB numbers:

    For KB3097966, we can download it here:

    1. Open Microsoft security advisory: Inadvertently disclosed digital certificates could allow spoofing: October 13, 2015 and click the following link in it.



    2. Open the link (Windows Server 2012 R2).



    3. We can see and download KB3097966.





    For KB3123040, from Microsoft Security Advisory 3123040, we can see:



    If the above certificate is not in Untrusted Certificates, we can cut the certificate by right clicking the certificate and paste it into Untrusted Certificates manually.


    For KB3119884, from Microsoft Security Advisory 3119884, we can see:



    If the above two certificates are not in Untrusted Certificates, we can cut the certificate by right clicking the certificate and paste it into Untrusted Certificates manually.




    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 21, 2019 8:43 AM
    Moderator
  • Hi Daisy,

    My understanding and findings below.

    1. Already tried in same way, but showing patch is not applicable.

    2 &3 . Mentioned cert not available in my system. How can i cut and past?

    Regards,

    Mithun

    Thursday, August 22, 2019 3:37 AM
  • Hi,
    For patch is not applicable, we can refer to the part "The update is not applicable to your computer" in the article Windows Update troubleshooting .

    For 2&3, we do not have such certificates, it proves that it has no effect on our machine, so we can safely ignore it.



    Best Regards,
    Daisy Zhou





    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, August 22, 2019 11:38 AM
    Moderator
  • Hi,
    If this question has any update or is this issue solved? Also, for the question, is there any other assistance we could provide?

    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, August 26, 2019 8:14 AM
    Moderator
  • Hi,
    Would you please tell me how things are going on your side. If you have any questions or concerns about the information I provided, please don't hesitate to let us know. 
     
    Again thanks for your time and have a nice day!



    Best Regards,
    Daisy Zhou

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, August 28, 2019 11:16 AM
    Moderator