Certificate Validation Flaw Could Enable Identity Spoofing

By Thomas McGuire on
Reason for Revision:
The original version of this bulletin was released on 05 September 2002. On 09 September 2002, we updated the bulletin to advise customers that a Microsoft-issued digital certificate, used to sign device drivers, did not meet the stricter validation standards established by the patch. As a result, customers who installed the patch could see unexpected error messages when installing new hardware, or in some cases might be unable to install new hardware altogether. On 20 November 2002, we released an updated version of the patch that not only eliminates this problem, but also eliminates a newly discovered variant of the original vulnerability.

Affected Software:
Microsoft Windows 98, 98 Second Edition, Me, NT 4.0, NT 4.0 - Terminal Server Edition, 2000 & XP
Microsoft Office for Mac
Microsoft Internet Explorer for Mac
Microsoft Outlook Express for Mac

Patch availability:
Microsoft Windows 98
Windows 98 Second Edition
Windows Me
Windows NT 4.0
Windows NT 4.0 Terminal Server Edition
Windows 2000
Windows XP & Windows XP 64 Bit Edition
Microsoft Office v.X for Mac
Microsoft Office 2001 for Mac
Microsoft Office 98 for the Macintosh
Microsoft Internet Explorer for Mac (for OS 8.1 to 9.x)
Microsoft Internet Explorer for Mac (for OS X)
Microsoft Outlook Express 5.0.6 for Mac

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.