Microsoft Just Made a Pretty Embarrassing Basic Security Mistake

Microsoft failed to renew the certificate for one of its rather important web pages, causing the site to crash and visitors to be redirected elsewhere.

As spotted by The Register, the certificate for the Windows Insider software testing program expired on Thursday afternoon, June 9.

Those who attempted to visit the site during this time received the usual "Your connection is not private" message, and users of Chrome, Firefox, or Safari were warned by their browsers not to proceed.

Those who did proceed were redirected to the Windows home page with 302 and 307 redirect responses, according to the report, implying that the company was already aware of the problem at the time.

Expired certificates

Since then, the certificate has been renewed and the site is back up and running.

Occasionally, certificates expire and are not renewed on time, breaking a few things in the process. In October 2021, one of the largest non-profit certificate authority (CA) services experienced high levels of website and app renewals, causing major outages for some renowned sites.

The issue at Let's Encrypt, which is run by the Internet Security Research Group, was due to the expiration of its cross-signed DST Root CA X3, and it left websites and apps like Shopify and Slack down. At the time, Let's Encrypt took to Twitter to advise affected customers to visit the community forum, without promising to fix the issue anytime soon.

A month later, an expired certificate affected Windows 11 21H2 and prevented Windows users from opening certain applications.

In 2020, an expired authentication certificate made Microsoft Teams inaccessible for some time.

While expired certificates are a nuisance, they can be even worse if they affect root certificates and worker services, the report explains. This was the case with Sectigo's AddTrust legacy root certificate, which, when it expired two years ago, affected thousands of customers.