Update for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2. Customers should install the automatic updater of revoked certificates. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

Resolves vulnerabilities in Windows that could allow spoofing if the attacker gains access to the certificate that is used by the end-user for authentication.

Before the May 10, 2022 security update, certificate-based authentication would not account for a dollar sign ($) at the end of a machine name. This allowed related certificates to be emulated (spoofed) in various ways.

An update rollup is available for Windows Embedded Compact 7. This update rollup resolves the security issues that are described in the following articles in the Microsoft Knowledge Base: 3050995 Microsoft security advisory: Improperly issued digital certificates could allow spoofing.

PetitPotam takes advantage of servers where Active Directory Certificate Services (AD CS) is not configured with protections for NTLM Relay Attacks. The mitigations below outline to customers how to protect their AD CS servers from such attacks.

Resolves a vulnerability in the Secure Channel (SChannel) security package in Windows that could allow spoofing if an attacker gains access to the certificate that is used by the end-user for authentication.

An update is available for the certificate revocation list on Windows Embedded Compact 7. This update resolves the security issues that are described in the following article in the Microsoft Knowledge Base: 2524375 Microsoft Security Advisory: Fraudulent Digital Certificates could allow spoofing.

If your application is not SHA-2 signed, you might encounter issues or have to disable security warnings or security features to let the application run. We do not recommend this. Verify that you are using the latest version of your applications and if issues persist, contact the manufacturer.

SHA-1 is a legacy cryptographic hashing algorithm that is no longer deemed secure. Using the SHA-1 hashing algorithm in digital certificates could allow an attacker to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Digital signatures support this change by providing assurances about the validity and authenticity of a digital document. For more information, see Add or remove a digital signature in Office files .