Bugzilla #1598390
Certificate Problem Report
Microsoft PKI Services: Null Character Bug and Microsoft Root CAs
RESOLVED
FIXED
Microsoft Corporation
AI Summary
Microsoft reported a null character issue in certificates issued by its PKI Services, stemming from a bug in Windows Server 2012 R2 Certificate Services. This issue was identified during x509lint tests, but Microsoft deemed it cosmetic, as it did not affect the functionality of the certificates. No updates were issued to address the bug, and Microsoft has since transitioned to newer server versions. They have committed to revoking affected certificates and improving their pre-issuance linting processes to prevent future occurrences.
Chronology
- Private report sent to Microsoft regarding the null character issue.
- Bug 1598390 opened to document the issue.
- Reissued all affected root certificates with added linting steps.
- Revoked all previous issuing CAs that contained the null character bug.
Participants
Jason Cooper
Julio Montano
Ryan Sleevi
Kathleen Wilson
Wayne Thayer
Similar Local Cases
Microsoft DSRE PKI: problem reporting e-mail in CPS does not work
Microsoft PKI Services: Issuance of intermediates after 2019-01-01 that do not comply with Mozilla Policy
Microsoft PKI Services: Malformed ICAs (Key Usage Malformed)
Consorci AOC: Non-BR-Compliant Certificate Issuance
Microsoft PKI Services: Underscore in SAN
GlobalSign: OCSP responders found to respond signed by the default CA when passed an invalid issuer in request
TrustCor: Non-revocation of CA certificates within 7 days
TrustCor: No mention of TLS-capable Intermediate CAs in WTBR audit reports