Microsoft forgot to renew the certificate for its Windows Insider subdomain
Visitors to insider.windows.com met with safety warning - how reassuring
Microsoft has forgotten to renew the certificate for the web page of its Windows Insider software testing program.
Attempting to visit the Windows Insider portal was returning the familiar "Your connection is not private" warning – as if webpages larded with scripts and trackers can truly be called "private." The problem has now been fixed, and someone's no doubt getting an earful.
Browsers like Chrome, Firefox, and Safari will attempt to deter visitors from accessing the webpage, but will provide a link for those who ignore the warnings and persist on clicking through to advanced options.
We did so and lived to tell about it.
The Insider web page certificate expired on Thursday, June 9, 2022 at 4:59:59 PM Pacific Daylight Time.
Click to enlarge
Microsoft did not immediately respond to a request for comment. But clicking through the warnings on Firefox initially took this reporter to Microsoft's main Windows page with 302 and 307 redirect responses – Microsoft is redirecting requests to its expired page and so is aware of the issue.
- Email domain for NPM lib with 6m downloads a week grabbed by expert to make a point
- Expired cert breaks Windows 11 snipping tool, emoji panel, S Mode features, other stuff
- Xero, Slack suffer outages just as Let's Encrypt root cert expiry downs other websites, services
- Happy New Year: Jan 1, 2021 security cert expiration causes havoc for some Check Point VPN users
This sort of snafu happens occasionally. In November, 2021, an expired cert affected Windows 11 version 21H2 – it prevented Windows users from opening certain apps like the snipping tool.
And in 2020, an expired authentication certificate prevented customers from accessing Microsoft Teams.
Cert expirations tend to be worse when they affect root certificates and bork services for multiple vendors and customers. The expiration of Sectigo's AddTrust legacy root certificate two years ago affected thousands of customers.
They're also rather disruptive when they occur at telecom companies, the 2018 Ericsson cert expiration that hindered communications among tens of millions of UK customers.
Maybe Window's scheduling systems aren't all they are cracked up to be. ®
Broader topics
Narrower topics
- 2FA
- Active Directory
- AdBlock Plus
- Advanced persistent threat
- App
- Audacity
- Authentication
- Azure
- Bing
- Black Hat
- BSoD
- Bug Bounty
- Common Vulnerability Scoring System
- Cybercrime
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Database
- Data Breach
- Data Protection
- Data Theft
- DDoS
- Digital certificate
- Encryption
- Excel
- Exchange Server
- Exploit
- Firewall
- Hacker
- Hacking
- HoloLens
- IDE
- Identity Theft
- Infosec
- Internet Explorer
- Jenkins
- Kenna Security
- LibreOffice
- Map
- Microsoft 365
- Microsoft Build
- Microsoft Edge
- Microsoft Office
- Microsoft Surface
- Microsoft Teams
- NCSC
- .NET
- Office 365
- OpenOffice
- OS/2
- Outlook
- Palo Alto Networks
- Password
- Patch Tuesday
- Phishing
- Pluton
- Programming Language
- Ransomware
- Remote Access Trojan
- Retro computing
- REvil
- RSA Conference
- Search Engine
- SharePoint
- Skype
- Software License
- Spamming
- Spyware
- SQL Server
- Surveillance
- TLS
- Trojan
- Trusted Platform Module
- Visual Studio
- Visual Studio Code
- Vulnerability
- Wannacry
- Web Browser
- Windows
- Windows 10
- Windows 11
- Windows 7
- Windows 8
- Windows Server
- Windows Server 2003
- Windows Server 2008
- Windows Server 2012
- Windows Server 2013
- Windows Server 2016
- Windows XP
- Xbox
- Xbox 360
- Zero trust
