Expired Security Certif for MS Update

Guest

I have had a profound security problem, and I get conflicting information
from Microsoft technicians. Two of them, 2nd level Research department, say I
should not download an ActiveX control that has an expired security
certificate. Today's tech insists there's nothing wrong with doing that.

Here is what has happened to me repeatedly, on at least four different
machines:

With a freshly reformatted hard drive, and the protection of a router
firewall and Service Pack 2, I go straight to the Microsoft Update site. The
first thing that happens is a warning for the ActiveX control required to get
updates, and the security certificate has an expiry date (consistently) of
October 15, 2005. When I have, in the past, downloaded the thing, it popped
up on the Anti-Spyware Beta as unrecognized by Microsoft.

What appears to happen, if you look at the install logs for critical
updates, is that many of them appear to be being retrieved from the
pagefile.sys location. There are lots of other troublesome lines of code in
those logs, although I don't pretend to be a developer -- or even
knowledgeable about the mysteries of Microsoft.

Today's Microsoft technician--he the one who insisted we use the ActiveX
control with the expired security certificate-- said, when confronted with
these troubling lines of code, "These are not for you or I to know," as if
that somehow clears up the issue.

All I know is that if I "just use the machine," I get all kinds of security
problems, including, eventually, a QuickBooks program that will not work
because of a "virus." That, despite clean scans from the fully updated Norton
(or Kaspersky or McAfee, it doesn't matter) I have on the machine, and clean
online scans from the vendors.

I have looked at other machines' log files that have these updates installed
legitimately, and they all show the update files being retrieved from a temp
file or even a web address -- never a pagefile.sys.

I appreciate all the folks that answer these posts, even the ones who aren't
always terribly courteous. I especially appreciate the courteous ones.

Best regards, S
 
Wesley Vogel

[[As you may have noticed in the provided information, some of the
certificates have expired. However, these certificates are necessary for
backwards compatibility. Even if there is an expired trusted root
certificate, anything that was signed with that certificate prior to the
expiration date needs that trusted root certificate to be validated. As long
as expired certificates are not revoked, it can be used to validate anything
that was signed prior to its expiration.]]

Trusted Root Certificates That Are Required By Windows 2000, Windows XP, and
Windows Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;293781


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

Guest

Wesley,

Thanks for your prompt reply. I am not sure I asked the question clearly
enough. Perhaps a better question is, why is there an expired security
certificate as I come through the "front door" of Microsoft's security
system? It's not as though this is some legacy in an old network. This has
happened on three brand-new computers I bought. Just to check it out, I went
to probably a dozen different computers in four different business locations
to see what they did, and not one of them came up with an expired security
certificate. The certificate in question, to re-iterate, is the one for the
ActiveX required to get the Genuine Advantage Validation Tool et al.

Thanks again for all replies, and especially for the courteous ones, Wesley.

Cheers, Sue

Steven L Umbach

I would not worry about an expired certificate. If the certificate was from
an untrusted Certificate Authority or revoked then you certainly should not
proceed. It is not uncommon to come across expired certificates. A
certificate that has expired still works in that in this case it verifies
that the file is from a trusted publisher. --- Steve
 
Guest

Maybe I don't understand security certificates. In this particular case,
it's the security certificate for the "front door" of Microsoft's update
system. I have had several senior-level Microsoft Research Techs say I
should not be encountering this kind of expired certificate -- yet now, when
they have not been able to stop that from happening, they say go ahead and
use the expired certificate.

What I know from previous experience is that if I do so, it opens the door
to all kinds of new security problems. What I see in log files, for example,
strongly suggests that the updates are not really being installed -- that
bogus ones are being retrieved.

What is especially troubling about this is that the last Microsoft tech I
spoke with promised to send a written clarification of why I should use an
expired security certif, within 15 minutes, and here it is four days later
and it hasn't arrived. I don't think anyone at Microsoft is willing to put
that in writing.

Hmmm....
 
Steven L Umbach

Certificates/PKI is a somewhat complex topic. If the certificate is from
Microsoft and signed by a CA that your computer trusts I would not worry
about it as long as it has not been revoked. You can view the certificate
certification path to see if it was issued to Microsoft or not and by what
CA. You can go to Internet Explorer/tools/internet options/content -
certificates to view the Trusted Root CAs.

Offhand I don't recall ever seeing that message myself on a new install
that has SP2 installed also but I use an authentic full retail version of XP
Pro. If you are concerned about your security updates not being installed
you can use Microsoft Baseline Security Analyzer to see if it shows your
computer is current with critical security updates or not. You can find it
for free at the link below. Belarc Advisor is also a free program that will
display updates installed on your computer and let you know if they are
installed correctly if you look under installed hotfixes. --- Steve

http://www.microsoft.com/technet/security/tools/mbsahome.mspx --- MBSA
http://www.belarc.com/free_download.html --- Belarc Advisor.
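
Added example, not part of Steven's post or of the thread: the certification-path check he describes, done from PowerShell on the downloaded file itself rather than through the Internet Explorer dialog. `Test-DownloadedSignature` and the sample path are hypothetical names; `Get-AuthenticodeSignature` and `X509Chain` are the standard cmdlet and .NET class.

```powershell
# Added example. Reports who signed a file, which CA chain it leads to, and
# whether anything other than plain expiry is wrong with that chain.
function Test-DownloadedSignature {
    param([Parameter(Mandatory = $true)][string]$Path)

    $sig    = Get-AuthenticodeSignature -FilePath $Path
    $signer = $sig.SignerCertificate
    if (-not $signer) {
        return [pscustomobject]@{ Path = $Path; Status = $sig.Status
                                  Verdict = 'No signer certificate: do not install' }
    }

    # Build the certification path and ask the CAs about revocation.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'
    [void]$chain.Build($signer)

    # NotTimeValid only means "expired today", which is expected for an old
    # signature. Revoked, UntrustedRoot, PartialChain etc. are real problems.
    $problems = @($chain.ChainStatus |
        Where-Object { $_.Status -ne 'NotTimeValid' } |
        ForEach-Object { $_.Status.ToString() })

    $expired     = (Get-Date) -gt $signer.NotAfter
    $timestamped = $null -ne $sig.TimeStamperCertificate

    $verdict = if ($sig.Status -ne 'Valid') {
        "Signature status is $($sig.Status): do not install"
    } elseif ($problems.Count -gt 0) {
        "Chain problem ($($problems -join ', ')): investigate before installing"
    } elseif ($expired) {
        'Certificate has since expired, but the signature still verifies'
    } else {
        'Signature and certificate are currently valid'
    }

    [pscustomobject]@{
        Path        = $Path
        Status      = $sig.Status
        IssuedTo    = $signer.Subject
        IssuedBy    = $signer.Issuer
        NotAfter    = $signer.NotAfter
        Timestamped = $timestamped
        ChainPath   = ($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- '
        Verdict     = $verdict
    }
}
# Hypothetical path: Test-DownloadedSignature -Path 'C:\Temp\downloaded-control.dll'
```

Read `IssuedTo` and `ChainPath` before `Verdict`: an expired certificate issued to the expected publisher under a trusted root is the benign case discussed above, while a different publisher name or an `UntrustedRoot` or `Revoked` chain status is not.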
 
Guest

Steven and Wesley,

Thank you both for your courteous and helpful replies. Unfortunately,
Steven, I couldn't get the MBSA to run -- it seemed to download okay, but it
just stalls out. And, for that matter, the link you provided went to an
error page that said, "this page is temporarily unavailable." (I found the
download elsewhere by searching the site, so you definitely got me pointed in
the right direction.) Both these behaviors -- the error page maneuver, and
the stalling out when an app like this runs -- are typical of this security
issue I have experienced.

All of which makes me very, very uncomfortable with the idea of having any
faith in the downloads I have, that used the expired certificate to get the
gateway ActiveX.

Another thing that makes me uneasy is that even after I removed the
downloaded ActiveX in question, and uninstalled a few critical updates, I was
not prompted to download the ActiveX again.

At the risk of sounding like an alien abductee, this security invasion
system is so subtle -- and so sophisticated -- that it must be running on a
lot more machines than just mine.

As always, I appreciate your courteous and thoughtful replies.

Sue
 
Steven L Umbach

I can see why you are frustrated and it is very hard for me to determine
what is going on based on your description of events without being there.
MBSA should run fine on a new install. I can only suggest [if you are not
doing such] to make sure that you are doing a pristine install of the
operating system from an original authentic Microsoft installation disk with
the holograms on the disk that came with Certificate of Authenticity which
would mean that the system drive would need to be formatted and not fast
formatted. If problems still persist I would suggest that you consider
buying a new computer that comes with the operating system installed. Dell
and others are selling powerful computers very cheap for like $399 and if
you want to have any hardware from your existing computer installed into a
new computer that should not be too difficult to do. --- Steve
 
Guest

Steven,

You are so generous with your time, I hate to write these "Yeah, but.."
replies.

I *have* reformatted hard drives, probably 100 times among 6 machines. I
*have* bought new machines with operating systems already installed (up to
SP2 plus). Even before I could get the Microsoft updates, the new machines
showed signs of this invader. Geez, I don't know how they do it.

I do appreciate your time. Best, Sue
 
