
Microsoft releases Security Advisory  - wglb
http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx
======
rbanffy
I'm not sure those steps will be that effective without Windows boxes
everywhere being updated. Shouldn't the certificate be blacklisted?

Will removing the signing function from Remote Desktop disable the exploit in
current installations? I don't think anyone using it to sign malware will want
this upgrade.

Can anyone give an explanation on what happens?

~~~
recoiledsnake
See steps 1 and 2 from the linked article:

We are taking several steps to remove this risk:

• First, today we released a Security Advisory outlining steps our customers
can take to block software signed by these unauthorized certificates.

• Second, we released an update that automatically takes this step for our
customers.

• Third, the Terminal Server Licensing Service no longer issues certificates
that allow code to be signed.

~~~
rbanffy
Thanks, @recoiledsnake, but I did read the article.

> we released a Security Advisory

So sysadmins will have to do something. What about machines that are managed
by their own users?

> Second, we released an update that automatically takes this step for our
> customers.

What happens to machines that aren't updated (such as machines controlling
industrial/flight/medical systems?

> Third, the Terminal Server Licensing Service no longer issues certificates
> that allow code to be signed.

Doesn't it run on the Windows machines themselves? Why would someone who's
using it for signing malware upgrade to the new, non-signing, version?

