Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Off-Prem

Channel

Microsoft forgot to renew the certificate for its Windows Insider subdomain

Visitors to insider.windows.com met with safety warning - how reassuring

Thomas Claburn Fri 10 Jun 2022  //  19:31 UTC

Microsoft has forgotten to renew the certificate for the web page of its Windows Insider software testing program.

Attempting to visit the Windows Insider portal was returning the familiar "Your connection is not private" warning – as if webpages larded with scripts and trackers can truly be called "private." The problem has now been fixed, and someone's no doubt getting an earful.

Browsers like Chrome, Firefox, and Safari will attempt to deter visitors from accessing the webpage, but will provide a link for those who ignore the warnings and persist on clicking through to advanced options.

We did so and lived to tell about it.

The Insider web page certificate expired on Thursday, June 9, 2022 at 4:59:59 PM Pacific Daylight Time.

Click to enlarge

Microsoft did not immediately respond to a request for comment. But clicking through the warnings on Firefox initially took this reporter to Microsoft's main Windows page with 302 and 307 redirect responses – Microsoft is redirecting requests to its expired page and so is aware of the issue.

This sort of snafu happens occasionally. In November, 2021, an expired cert affected Windows 11 version 21H2 – it prevented Windows users from opening certain apps like the snipping tool.

And in 2020, an expired authentication certificate prevented customers from accessing Microsoft Teams.

Cert expirations tend to be worse when they affect root certificates and bork services for multiple vendors and customers. The expiration of Sectigo's AddTrust legacy root certificate two years ago affected thousands of customers.

They're also rather disruptive when they occur at telecom companies, the 2018 Ericsson cert expiration that hindered communications among tens of millions of UK customers.

Maybe Window's scheduling systems aren't all they are cracked up to be. ®
Send us news
37 Comments

Microsoft issues deadline for end of Windows 10 support – it's pay to play for security

Limited options will be available into 2028, for an undisclosed price

Dump C++ and in Rust you should trust, Five Eyes agencies urge

Memory safety vulnerabilities need to be crushed with better code

Attacks abuse Microsoft DHCP to spoof DNS records and steal secrets

Akamai says it reported the flaws to Microsoft. Redmond shrugged

Fancy Bear goes phishing in US, European high-value networks

GRU-linked crew going after our code warns Microsoft - Outlook not good

Polish train maker denies claims its software bricked rolling stock maintained by competitor

Says it was probably hacked, which isn't good news either

Weak session keys let snoops take a byte out of your Bluetooth traffic

BLUFFS spying flaw present in iPhones, ThinkPad, plenty of chipsets

HP printer software turns up uninvited on Windows systems

No escape from bloat, even without relevant hardware attached

Atlassian security advisory reveals four fresh critical flaws – in mail with dead links

Bitbucket, Confluence and Jira all in danger, again. Sigh

Tiny11 shrinks Windows 11 23H2 down to pocket size

An option when sun sets on Windows 10, but Microsoft might have a problem

Google submits complaints about Microsoft licensing to UK competition regulator

Now Microsoft has regulator breathing down its neck in three regions

Boffins devise 'universal backdoor' for image models to cause AI hallucinations

Data poisoning appears open to all

Microsoft's bug bounty turns 10. Are these kinds of rewards making code more secure?

Katie Moussouris, who pioneered Redmond's program, says folks are focusing on the wrong thing