Microsoft Security Notifications are signed by a public PGP Key.The latest version was downloaded and the fingerprint was checked and I confirmed it with my private PGP Key in Kleopatra. This was done successfully. The old Microsoft Key worked fine until it expired, but is still in Kleopatra and is marked in red as expired key.So far everything sounds well for me.
If I receive a new Microsoft Security Notification, the PGP Key is not verified. The status is shown as "not save" with a question mark displayed as Icon. I have no doubt, that the mail is from Microsoft, but I do not understand why it cannot be verified.
I want to stress, that I can successfully verify other PGP signatures, e.g. issued by BSI for their notifications. I am absolutely sure, that I have the current Mircrosoft key installed, the fingerprint is: 2E27 8E1A AEB4 7572 D314 7163 DF4F F904 C341 557F
I look forward to your support in this matter! THANKS