Microsoft just made a rather embarrassing basic security error

Microsoft has failed to renew the certificate for one of its rather important web pages, causing the site to break and to redirect people elsewhere. 

Spotted by The Register, the certificate for the Windows Insider software testing program expired on Thursday, June 9, in the afternoon hours. 

Those who tried to visit the site during that time were met with the usual “Your connection is not private” message, and users of Chrome, Firefox, or Safari, were advised by their browsers not to proceed.

Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Those who did, were redirected to the main Windows page with 302 and 307 redirect responses, the publication claims, hinting the company was already aware of the issue, at the time. 

Expired certificates

Since then, the certificate has been renewed and the site back up and running again. 

Every now and then, certificates expire and don’t get renewed on time, breaking a few things in the process. In October 2021, one of the biggest non-profit Certificate Authorities (CA) services experienced high levels of renewals from websites and apps, resulting in some big name sites experiencing significant outages.

Due to its cross-signed DST Root CA X3 expiring, Let’s Encrypt’s issue, which is run by the Internet Security Research Group, left websites and apps such as Shopify and Slack experiencing outages. At the time, Let’s Encrypt took to Twitter to advise the affected customers to consult the community forum, offering no promise of resolving the issue quickly.

A month later, an expired certificate affected Windows 11 21H2 and prevented Windows users from opening certain apps.

Back in 2020, an expired authentication certificate made Microsoft Teams inaccessible for a while. 

While expired certifications are a nuisance, they can be even worse if they affect root certificates and bork services, the publication explains. Such was the case with Sectigo’s AddTrust legacy root certificate which, when it expired two years ago, affected thousands of customers. 

Go to Source
Author: