Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Off-Prem

Channel

Microsoft forgot to renew the certificate for its Windows Insider subdomain

Visitors to insider.windows.com met with safety warning - how reassuring

Thomas Claburn Fri 10 Jun 2022  //  19:31 UTC

Microsoft has forgotten to renew the certificate for the web page of its Windows Insider software testing program.

Attempting to visit the Windows Insider portal was returning the familiar "Your connection is not private" warning – as if webpages larded with scripts and trackers can truly be called "private." The problem has now been fixed, and someone's no doubt getting an earful.

Browsers like Chrome, Firefox, and Safari will attempt to deter visitors from accessing the webpage, but will provide a link for those who ignore the warnings and persist on clicking through to advanced options.

We did so and lived to tell about it.

The Insider web page certificate expired on Thursday, June 9, 2022 at 4:59:59 PM Pacific Daylight Time.

Click to enlarge

Microsoft did not immediately respond to a request for comment. But clicking through the warnings on Firefox initially took this reporter to Microsoft's main Windows page with 302 and 307 redirect responses – Microsoft is redirecting requests to its expired page and so is aware of the issue.

This sort of snafu happens occasionally. In November, 2021, an expired cert affected Windows 11 version 21H2 – it prevented Windows users from opening certain apps like the snipping tool.

And in 2020, an expired authentication certificate prevented customers from accessing Microsoft Teams.

Cert expirations tend to be worse when they affect root certificates and bork services for multiple vendors and customers. The expiration of Sectigo's AddTrust legacy root certificate two years ago affected thousands of customers.

They're also rather disruptive when they occur at telecom companies, the 2018 Ericsson cert expiration that hindered communications among tens of millions of UK customers.

Maybe Window's scheduling systems aren't all they are cracked up to be. ®
Send us news
37 Comments

Microsoft eggheads say AI can never be made secure – after testing Redmond's own products

If you want a picture of the future, imagine your infosec team stamping on software forever

Microsoft sues 'foreign-based' cyber-crooks, seizes sites used to abuse AI

Scumbags stole API keys, then started a hacking-as-a-service biz, it is claimed

OpenAI's ChatGPT crawler can be tricked into DDoSing sites, answering your queries

The S in LLM stands for Security

New Outlook marches onto Windows 10 for what little time it has left

Users of doomed operating system to receive unloved app via an update

Free-software warriors celebrate landmark case that enforced GNU LGPL

On the Fritz: German router maker AVM lets device rights case end after coughing up source code

Russia's Star Blizzard phishing crew caught targeting WhatsApp accounts

FSB cyberspies venture into a new app for espionage, Microsoft says

Look for the label: White House rolls out 'Cyber Trust Mark' for smart devices

Beware the IoT that doesn’t get a security tag

Microsoft invites Chinese software vendors to sell on its marketplace and through its partners

Good luck getting buyers and resellers excited about that

Sage Copilot grounded briefly to fix AI misbehavior

'Minor issue' with showing accounting customers 'unrelated business information' required repairs

Microsoft's spat with ValueLicensing limps toward 2026 showdown

Legal tussle over resale of on-prem perpetual licenses kicked off four years ago

The unlicensed OneDrive free ride ends this month

Kind old Microsoft is worried about security and compliance ... nothing to do with a free storage loophole

Biden signs sweeping cybersecurity order, just in time for Trump to gut it

Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive