Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal Tech
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Off-Prem

Channel

Microsoft forgot to renew the certificate for its Windows Insider subdomain

Visitors to insider.windows.com met with safety warning - how reassuring

Thomas Claburn Fri 10 Jun 2022  //  19:31 UTC

Microsoft has forgotten to renew the certificate for the web page of its Windows Insider software testing program.

Attempting to visit the Windows Insider portal was returning the familiar "Your connection is not private" warning – as if webpages larded with scripts and trackers can truly be called "private." The problem has now been fixed, and someone's no doubt getting an earful.

Browsers like Chrome, Firefox, and Safari will attempt to deter visitors from accessing the webpage, but will provide a link for those who ignore the warnings and persist on clicking through to advanced options.

We did so and lived to tell about it.

The Insider web page certificate expired on Thursday, June 9, 2022 at 4:59:59 PM Pacific Daylight Time.

Click to enlarge

Microsoft did not immediately respond to a request for comment. But clicking through the warnings on Firefox initially took this reporter to Microsoft's main Windows page with 302 and 307 redirect responses – Microsoft is redirecting requests to its expired page and so is aware of the issue.

This sort of snafu happens occasionally. In November, 2021, an expired cert affected Windows 11 version 21H2 – it prevented Windows users from opening certain apps like the snipping tool.

And in 2020, an expired authentication certificate prevented customers from accessing Microsoft Teams.

Cert expirations tend to be worse when they affect root certificates and bork services for multiple vendors and customers. The expiration of Sectigo's AddTrust legacy root certificate two years ago affected thousands of customers.

They're also rather disruptive when they occur at telecom companies, the 2018 Ericsson cert expiration that hindered communications among tens of millions of UK customers.

Maybe Window's scheduling systems aren't all they are cracked up to be. ®
Send us news
37 Comments

These Microsoft Office security signatures are 'practically worthless'

Turns out it's easy to forge documents relying on OOXML

Microsoft's GitHub under fire for DDoSing crucial open source project website

A tale of emergency firewalling, a little bit of victim blaming, and workflow scripts gone berserk

Warning: JavaScript registry npm vulnerable to 'manifest confusion' abuse

Failure to match metadata with packaged files is perfect for supply chain attacks

Microsoft's Activision fight with FTC turned up a Blizzard of docs: Here's your summary

Windows PCs in the cloud, spending Sony out of business, mobile woes, and more – and the files to read

With dead-time dump, Microsoft revealed DDoS as cause of recent cloud outages

Previous claims its own software updates were the issue remain almost, kinda, plausible

Microsoft and GitHub are still trying to derail Copilot code copyright legal fight

And so far, they might succeed: Where's the smoking gun?

Microsoft stole our stolen dark web data, says security outfit

Suit claims Redmond took far more than allowed from Hold's 360M-credential database

Google formally accuses monopolist Microsoft of trapping people in its cloud

Fight! Fight! Fight!

Latest SUSE Linux Enterprise goes all in with confidential computing

But you'll need the right hardware to take advantage

This Windows update is snarling up some endpoint security tools

Malwarebytes and Trellix upgrades to the rescue

FYI: Tor Browser is very much still a thing and getting updates

Version 12.5 brings in Finnish language support, traffic node path visualization and more

Microsoft Windows edges closer to SMB security signing fully required by default

'This is certainly the biggest change we've made since the campaign to remove SMB1'