Forum Discussion
Microsoft Improperly Issued Digital Certificates Spoofing Vulnerability (KB3123040)
We are getting the below vulnerability on Windows Server 2012, 2012 R2 and Server 2016 while scanning with the Qualys agent:
Microsoft Improperly Issued Digital Certificates Spoofing Vulnerability (KB3123040)
Solutions:
An automatic updater of untrusted certificates is available for Windows
Create a Group Policy or change an existing Group Policy in the Local Group Policy Editor.
Solution: Open gpedit.msc and follow the steps below.
1. Computer Configuration\Windows Settings\Security Settings\Public Key Policies
2. In the details pane, double-click Certificate Path Validation Settings.
3. Click the Network Retrieval tab, select Define these policy settings, and then clear the Automatically update certificates in the Microsoft Root Certificate Program (recommended) check box.
4. Click OK, and then close the Local Group Policy Editor.
We implemented the solution above, but the finding is coming back again. Is there any other setting for this that I am missing?
Kindly suggest.
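Before rescanning, it helps to confirm what the policy change above actually did on the server. The following is an added example, not part of the original post or of Qualys' guidance; it assumes the standard registry locations used by the Windows root and untrusted-certificate auto-updater (the DisableRootAutoUpdate policy value and the AutoUpdate sync-time values) and should be run from an elevated PowerShell prompt.

```powershell
# Added example: audit the certificate auto-update state on a Windows Server.
# Assumption: the policy/state keys below are where Windows stores this information.

function Get-FileTimeFromBytes {
    param([byte[]]$Bytes)
    # The sync-time values are stored as 8-byte little-endian FILETIME blobs.
    if (-not $Bytes -or $Bytes.Length -lt 8) { return $null }
    [DateTime]::FromFileTimeUtc([BitConverter]::ToInt64($Bytes, 0))
}

function Test-CertAutoUpdateState {
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot'
    $stateKey  = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate'

    # DisableRootAutoUpdate = 1 is what clearing the "Automatically update certificates
    # in the Microsoft Root Certificate Program" check box writes: auto-update is off.
    $disabled = (Get-ItemProperty -Path $policyKey -Name DisableRootAutoUpdate `
                    -ErrorAction SilentlyContinue).DisableRootAutoUpdate

    # When the updater last pulled the untrusted (disallowed) and root CTLs.
    $state = Get-ItemProperty -Path $stateKey -ErrorAction SilentlyContinue
    $lastDisallowedSync = Get-FileTimeFromBytes $state.DisallowedCertLastSyncTime
    $lastRootSync       = Get-FileTimeFromBytes $state.LastSyncTime

    # Certificates explicitly distrusted on this machine; a scanner that looks for a
    # blocked certificate will check here.
    $disallowed = @(Get-ChildItem Cert:\LocalMachine\Disallowed -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        RootAutoUpdateDisabledByPolicy = ($disabled -eq 1)
        LastDisallowedCtlSyncUtc       = $lastDisallowedSync
        LastRootCtlSyncUtc             = $lastRootSync
        DisallowedStoreCount           = $disallowed.Count
        DisallowedSubjects             = @($disallowed | ForEach-Object { $_.Subject })
    }
}

Test-CertAutoUpdateState | Format-List
```

A policy value of 1, or a disallowed-CTL sync time that is empty or months old, means the server is not receiving updates to the untrusted-certificate list (for example because it has no route to the Microsoft update endpoint), which is worth ruling out before treating the rescan result as a false positive.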
3 Replies
- Reza_Ameri (Silver Contributor): Normally this issue should be fixed using an update, so make sure you update your Windows Server and install all updates.
You may have a look at:
https://support.microsoft.com/en-us/topic/microsoft-security-advisory-improperly-issued-digital-certificates-could-allow-spoofing-e6afed12-741d-d4a9-f9d8-d4712aebf5ff
And
https://docs.microsoft.com/en-us/security-updates/SecurityAdvisories/2015/3123040
In case you update the system and perform the fix and the issue persists, try restarting the server, and if the problem continues, you might need to update Qualys or contact their support.
- Ompal_Yadav (Copper Contributor): Thanks.
- Reza_Ameri (Silver Contributor): Welcome. Note that sometimes it might be a false-positive issue.