Certificate Validation Flaw Could Enable Identity Spoofing

By TS | Thomas
Nov 21, 2002
  1. Reason for Revision:
    The original version of this bulletin was released on 05 September 2002. On 09 September 2002, we updated the bulletin to advise customers that a Microsoft-issued digital certificate, used to sign device drivers, did not meet the stricter validation standards established by the patch. As a result, customers who installed the patch could see unexpected error messages when installing new hardware, or in some cases might be unable to install new hardware altogether. On 20 November 2002, we released an updated version of the patch that not only eliminates this problem, but also eliminates a newly discovered variant of the original vulnerability.

    Affected Software:
    Microsoft Windows 98, 98 Second Edition, Me, NT 4.0, NT 4.0 - Terminal Server Edition, 2000 & XP
    Microsoft Office for Mac
    Microsoft Internet Explorer for Mac
    Microsoft Outlook Express for Mac

    Patch availability:
    Microsoft Windows 98
    Windows 98 Second Edition
    Windows Me
    Windows NT 4.0
    Windows NT 4.0 Terminal Server Edition
    Windows 2000
    Windows XP & Windows XP 64 Bit Edition
    Microsoft Office v.X for Mac
    Microsoft Office 2001 for Mac
    Microsoft Office 98 for the Macintosh
    Microsoft Internet Explorer for Mac (for OS 8.1 to 9.x)
    Microsoft Internet Explorer for Mac (for OS X)
    Microsoft Outlook Express 5.0.6 for Mac
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...