In early March 2001, VeriSign, Inc., announced that it had issued two digital certificates to an individual who fraudulently claimed to be a Microsoft employee. This issue is discussed at length in Microsoft Security Bulletin
MS01-017 (http://www.microsoft.com/technet/security/bulletin/ms01-017.asp). This article describes how to determine if you have enabled the trust for these certificates and how to remove that trust.
For additional information about this issue, click the article number below
to view the article in the Microsoft Knowledge Base:
293818 (http://support.microsoft.com/kb/293818/EN-US/) Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard
For additional information about how to recognize these fraudulent certificates, click the article number below
to view the article in the Microsoft Knowledge Base:
293817 (http://support.microsoft.com/kb/293817/EN-US/) How to Recognize Erroneously-Issued VeriSign Code-Signing Certificates
For additional information about how to remove VeriSign Commercial Software Publishers CA from the trusted store, click the article number below
to view the article in the Microsoft Knowledge Base:
293819 (http://support.microsoft.com/kb/293819/EN-US/) How to Remove a Root Certificate from the Trusted Root Store
For additional information about how to obtain a tool to revoke these fraudulent certificates, click the article number below
to view the article in the Microsoft Knowledge Base:
293811 (http://support.microsoft.com/kb/293811/EN-US/) Update Available to Revoke Fraudulent Microsoft Certificates Issued by VeriSign
Back to the top
When you click
Always trust content from Microsoft Corporation in the warning dialog box that appears when you encounter these certificates, "Microsoft Corporation" is added to the list of trusted publishers. To remove this explicit trust:
Back to the top
Microsoft Internet Explorer 5, 5.01, 5.5
| 1. | On the Tools menu in Internet Explorer, click Internet Options. |
| 2. | On the Content tab, click Publishers. |
| 3. | Click Microsoft Corporation, click Remove, and then click OK.
NOTE: If "Microsoft Corporation" appears multiple times, there is no way to determine which one to remove; therefore, you must edit the registry by using the steps in the "Editing the Registry" section. |
| 4. | Click OK. |
Back to the top
Internet Explorer 4.x
| 1. | On the View menu in Internet Explorer, click Options.
|
| 2. | On the Content tab, click Publishers. |
| 3. | Click Microsoft Corporation, click Delete, and then click OK.
NOTE: If "Microsoft Corporation" appears multiple times, there is no way to determine which one to remove; therefore, you must edit the registry by using the steps in the "Editing the Registry" section. |
| 4. | Click OK. |
Back to the top
Editing the Registry
WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may
require you to reinstall your operating system. Microsoft cannot guarantee that you can solve
problems that result from using Registry Editor incorrectly. Use Registry Editor at your own
risk.
If "Microsoft Corporation" appears multiple times, use these steps to remove these fraudulent certificates:
| 1. | Start Registry Editor (Regedit.exe). |
| 2. | Determine whether the following key in the registry HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing\Trust Database\0
contains one or more of the following values:
| • | bhhphijojgfcdocagmhjgjbhmieinfap pnkllbeoaimhfgpfonehpajhppeaaohf | | • | bhhphijojgfcdocagmhjgjbhmieinfap gkjjdhegecmnfejcjmdjcedhphjafbbl |
|
| 3. | If these values exist, delete them by clicking the value and then clicking Delete on the Edit menu. |
| 4. | Quit Registry Editor. |
Back to the top
Help and Support
