Microsoft has revoked CAs without releasing note or announcements in ccadb

[Yuwei HAN (hanyuwei70)]

On Aug.23 2023, Microsoft revoked some CAs causing some software with Code Signing  signatures can't run, without any notification. And it has made lots of confusion to system admins.
Today Microsoft still not responding in CCADB, so I am here to raise some attention.

https://arstechnica.com/security/2023/08/a-renegade-certificate-is-removed-from-windows-then-it-returns-confusion-ensues/

[Dan Collins]

Have they revoked those certificates, or have they removed those certificates from the Windows trust store?

Also, doesn't that article say that the change was already reversed?

--
You received this message because you are subscribed to the Google Groups "CCADB Public" group.
To unsubscribe from this group and stop receiving emails from it, send an email to public+un...@ccadb.org.
To view this discussion on the web visit https://groups.google.com/a/ccadb.org/d/msgid/public/da3f8a17-819b-4ceb-8594-254f92dcb890n%40ccadb.org.

[Jeffrey Walton]

On Wed, Aug 30, 2023 at 12:39 PM Dan Collins <dcol...@gmail.com> wrote:
>
> Have they revoked those certificates, or have they removed those certificates from the Windows trust store?

An image in the Ars technical article shows the certificate's property
page, and it says, "This certificate has been revoked by its
certification authority."

> Also, doesn't that article say that the change was already reversed?

I think a more interesting question is, how did the certificate become
unrevoked? Is there an established procedure for it?

Jeff

[Yuwei HAN (hanyuwei70)]

They are using special flags [1] to "disable" these certs. And this make them very easy to "revert" these changes.

[1] https://learn.microsoft.com/en-us/security/trusted-root/deprecation