September 5, 2002

Microsoft Puts Out Patch for Windows Flaw

Microsoft Corp. on Thursday released a patch for the Windows flaw discovered last month that allows an attacker to generate and sign fake certificates for third-party Web sites.

Article: Windows Flaw Leaves Certificates Vulnerable

A serious flaw in the ActiveX control that handles Web-based certificate enrollments in all versions of Windows enables an attacker to corrupt any certificate stored on a user's machine.

By exploiting this vulnerability, an intruder could access and corrupt a user's trusted root certificates, EFS (encrypted file system) encryption certificates and e-mail signing certificates, among others. The vulnerability affects all versions of Microsoft Corp.'s operating system back to Windows 98.

The Certificate Enrollment Control is used by Windows to submit PKCS (public key cryptography standard) #10 certificate requests and then store the certs in the user's local certificate store. In order to invoke the flawed control, an attacker would either have to entice a user to visit a Web site with the exploit code on it or to open an HTML mail message containing the malicious Web page.

Microsoft has issued a patch for each individual version of Windows, which contains a new release of the vulnerable control. However, anyone who operates a Web site that uses the control will have to make some modifications to all of their Web applications in order to use the new control. The patch also contains a new version of the SmartCard Enrollment Control, which has a similar flaw. That flawed control is included in Windows 2000 and XP only.

The patch is available here (http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-048.asp)
