Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Off-Prem

Channel

Microsoft forgot to renew the certificate for its Windows Insider subdomain

Visitors to insider.windows.com met with safety warning - how reassuring

Thomas Claburn Fri 10 Jun 2022  //  19:31 UTC

Microsoft has forgotten to renew the certificate for the web page of its Windows Insider software testing program.

Attempting to visit the Windows Insider portal was returning the familiar "Your connection is not private" warning – as if webpages larded with scripts and trackers can truly be called "private." The problem has now been fixed, and someone's no doubt getting an earful.

Browsers like Chrome, Firefox, and Safari will attempt to deter visitors from accessing the webpage, but will provide a link for those who ignore the warnings and persist on clicking through to advanced options.

We did so and lived to tell about it.

The Insider web page certificate expired on Thursday, June 9, 2022 at 4:59:59 PM Pacific Daylight Time.

Click to enlarge

Microsoft did not immediately respond to a request for comment. But clicking through the warnings on Firefox initially took this reporter to Microsoft's main Windows page with 302 and 307 redirect responses – Microsoft is redirecting requests to its expired page and so is aware of the issue.

This sort of snafu happens occasionally. In November, 2021, an expired cert affected Windows 11 version 21H2 – it prevented Windows users from opening certain apps like the snipping tool.

And in 2020, an expired authentication certificate prevented customers from accessing Microsoft Teams.

Cert expirations tend to be worse when they affect root certificates and bork services for multiple vendors and customers. The expiration of Sectigo's AddTrust legacy root certificate two years ago affected thousands of customers.

They're also rather disruptive when they occur at telecom companies, the 2018 Ericsson cert expiration that hindered communications among tens of millions of UK customers.

Maybe Window's scheduling systems aren't all they are cracked up to be. ®
Send us news
37 Comments

Microsoft security tools questioned for treating employees as threats

Cracked Labs examines how workplace surveillance turns workers into suspects

Microsoft hosts a security summit but no press, public allowed

CrowdStrike, other vendors, friendly govt reps…but not anyone who would tell you what happened

Microsoft patches scary wormable hijack-my-box-via-IPv6 security bug and others

Plus more pain for Intel which fixed 43 bugs, SAP and Adobe also in on the action

UK competition regulator's cloud probe remedies have global implications

Egress fees? Ticked. Spend discounts? Not yet. Software licensing? Might need to shape up, Microsoft

Microsoft pushing, pushing, pushing Edge in Defender slammed as a 'dark pattern'

Is it an ad? Or serious infosec advice?

Alleged Karakut ransomware scumbag charged in US

Plus: Microsoft issues workaround for dual-boot crashes; ARRL cops to ransom payment, and more

Microsoft's Patch Tuesday borks dual-boot Linux-Windows PCs

Plus: Three-year-old ProxyOracle flaw added to CISA's exploited bugs list

Microsoft Bing Copilot accuses reporter of crimes he covered

Hallucinating AI models excel at defamation

House to grill CrowdStrike exec on epic IT meltdown... no, not the CEO

VP Adam Meyers to testify about that faulty software update which ruined July and some of August

Top companies ground Microsoft Copilot over data governance concerns

Securiti's Jack Berkowitz polled 20-plus CDOs, and half have hit pause

From Copilot to Copirate: How data thieves could hijack Microsoft's chatbot

Prompt injection, ASCII smuggling, and other swashbuckling attacks on the horizon

Rust for Linux maintainer steps down in frustration with 'nontechnical nonsense'

Community seems to C Rust more as a burden than a benefit