The new billing.microsoft.com root certificate

If you visit https://billing.microsoft.com/ with Firefox, you will be confronted with an error message that the certificate is invalid. The reason is that the website is vouched by a new root certificate by Microsoft, that Microsoft appears not to have done the proper procedure to contact the Mozilla Foundation and add the root certificate.

Using CertWatch we managed to extract the certificate file (other methods also exist).

Here are the details of this billing.microsoft.com root certificate:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6a:80:24:5c:00:08:00:01:9c:18
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: DC=com, DC=microsoft, DC=corp, DC=redmond,
                                CN=Microsoft Secure Server Authority
        Validity
            Not Before: Jul  9 03:16:55 2010 GMT
            Not After : Jul  9 03:16:55 2011 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft,
                OU=Windows Live Operations, CN=billing.microsoft.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
            RSA Public Key: (1024 bit)
                Modulus (1024 bit):
                    00:ab:d7:34:a7:58:eb:89:b8:a0:3c:5a:d4:fb:d5:
                    49:1e:6c:51:79:d0:dc:49:03:3d:11:e8:79:2c:e2:
                    c8:24:e4:d0:a8:45:57:c1:fd:b9:9e:ed:c0:c5:e6:
                    94:ae:96:45:db:ce:14:29:63:34:55:f4:e9:3a:d1:
                    4e:be:45:06:db:ef:f0:95:7d:dd:63:21:81:6e:d6:
                    1f:8a:7d:59:80:83:df:59:a8:a6:6e:b3:82:ea:af:
                    80:43:79:45:45:af:fb:5e:66:83:4d:b2:23:13:ff:
                    bc:67:5d:a5:7b:03:81:e5:24:7f:31:2d:5b:1d:98:
                    ed:c5:53:73:17:2e:7e:c4:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage:
                Digital Signature, Key Encipherment, Data Encipherment
            S/MIME Capabilities:
......0...+....0050...*.H..
..*.H..
            X509v3 Extended Key Usage:
                TLS Web Client Authentication, TLS Web Server Authentication
            X509v3 Subject Key Identifier:
                69:47:71:B7:BA:81:B5:35:50:69:AC:DB:46:18:F2:5F:82:83:9B:D5
            X509v3 Authority Key Identifier:
                keyid:08:42:E3:DB:4E:11:66:F3:B5:08:C5:40:DB:55:7C:33:46:11:83:38

            X509v3 CRL Distribution Points:
                URI:http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20Secure%20Server%20Authority(8).crl
                URI:http://crl.microsoft.com/pki/mscorp/crl/Microsoft%20Secure%20Server%20Authority(8).crl
                URI:http://corppki/crl/Microsoft%20Secure%20Server%20Authority(8).crl

            Authority Information Access:
                CA Issuers - URI:http://www.microsoft.com/pki/mscorp/Microsoft%20Secure%20Server%20Authority(8).crt
                CA Issuers - URI:http://corppki/aia/Microsoft%20Secure%20Server%20Authority(8).crt

            1.3.6.1.4.1.311.21.7:
                00.(+.....7.....M..........}...t.O.........c..d...
            1.3.6.1.4.1.311.21.10:
                0.0
..+.......0
..+.......
    Signature Algorithm: sha1WithRSAEncryption
        77:62:04:97:b2:38:c5:90:1e:9f:8d:03:16:bd:79:c9:c9:54:
        cb:f3:94:b4:7a:fa:18:de:95:54:20:1f:3a:bd:72:c2:d9:46:
        d5:af:b9:72:5a:a2:52:5f:42:89:16:b8:60:f7:00:74:19:e8:
        de:23:64:0c:a2:6e:64:7c:22:aa:58:a0:25:59:24:b5:30:54:
        2f:a3:be:db:b7:6d:ce:02:37:37:d8:c0:11:c5:62:d8:81:84:
        cd:c3:e3:15:36:33:56:97:7f:68:d9:ab:d4:ac:5a:9b:f5:99:
        be:52:4d:f1:c4:32:40:0d:ed:27:59:36:75:3c:a5:27:6e:66:
        43:b8:82:56:74:eb:ab:62:5f:5d:96:b8:ba:0d:59:f7:1f:f4:
        8d:e1:ff:88:0d:5d:76:10:3e:90:46:85:5e:f9:a7:13:b8:11:
        e8:39:79:49:c6:5a:04:55:c9:bf:fb:b9:6a:ea:2a:2b:ab:0a:
        97:3b:86:78:5c:2e:28:39:19:c6:29:66:32:a8:60:d8:55:2b:
        71:4c:ff:e1:69:7c:40:a0:6c:86:49:fe:f8:0d:f4:8c:2c:03:
        e2:45:16:fd:0a:72:c1:90:4e:8c:ff:b0:e8:9b:1f:0f:51:f0:
        3e:40:a2:4a:10:70:48:6e:a7:08:8f:59:bc:61:96:1e:85:11:
        ea:db:63:64

The public key in decimal is

120670606144085109719219572194923534474923017051023017296322634692
625135745151055829730471725822826389243527648003600042874496534246
318211937373035306269108919094913609992115753070424083618544501290
818141600949585344863493055281433804504288287861848308627219396986
992979141910834747175772631763346288615015629

If you can factorise this number, then you have broken the certificate.

Apparently this certificate is accepted by recent versions of Internet Explorer and Chrome. With this information at hand, I do not see how these browsers accept the root certificate which is also a website certificate (an oddity). Currently, the only explanation at hand would be that those browsers either have a copy of this root certificate or they use another (unknown to me) cryptographic mechanism to verify the certificate.

This entry was posted in Analysis and tagged , , . Bookmark the permalink.

3 Responses to The new billing.microsoft.com root certificate

  1. Frank B Mac OS X Safari 533.17.8 says:

    Which means what, exactly? I have to update my credit card info or lose my Hotmail. (I don’t really use it, but I have history in those old emails.)

    Is it safe?

    [What is means is that Microsoft somehow messed up with the website settings. You should contact Microsoft for this issue and the effect on your security. -- simos]

  2. Muhannad Al-Durrah Windows 7 Internet Explorer 7.0 says:

    Unable to resonse to your message regarding payment clearance using visa. The visa info. available with you is still very much valid

  3. Patricia E. Rasmussen Windows Vista Internet Explorer 7.0 says:

    Dave originally set up my new email address (listed above). Now receiving emails that our info changed and needs to be renewed. I cannot get to where payment info is taken care of and getting very frustrated as I am trying to do work and wasting lots of time here. Also I really wanted a “free email” as my other 2 are. Obviously there is no phone to reach you to skip this waste of time.

    Please help, I really thank you if you can.
    Patty Rasmussen

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>