Windows flaw threatens PC services
Published: 29 Aug 2002 07:32 BST
Microsoft said on Wednesday that a critical flaw in most versions of the company's Windows operating system could allow malicious attackers to corrupt the digital certificates that PCs use to connect to network services.
The vulnerability can be exploited via a special coded ActiveX inserted into hypertext markup language (HTML), the lingua franca of the Web. To fall victim to attack, a PC user would have to browse a Web site, or open an HTML email, specifically set up to take advantage of the vulnerability.
"(The flaw) could enable a Web page, through an extremely complex process, to invoke the (ActiveX) control in a way that would delete certificates on a user's system," Microsoft warned in an advisory released late on Wednesday.
Such digital certificates are used to hold encryption keys used in email, the encrypted files system (ESS) that is shipped with certain versions of Windows, and in the Secure Sockets Layer communications protocol used by many e-commerce Web sites. ESS is shipped in Windows 2000 and Windows XP Professional. While the flaw doesn't allow a malicious vandal to steal the certificates, it does allow the attacker to corrupt the data, rendering it useless to the PC's owner.
Depending on the certificates corrupted, the act would prevent the victim from encrypting and decrypting email, encrypting files and complicate the use of secure Web sites, Microsoft advised. The flaw occurs in the Certificate Enrollment ActiveX Control.
Microsoft suggests that all users of Windows Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000 and Windows XP patch their system immediately.
The latest advisory brings the number of such warnings by the software giant to 48 for the year.
For a weekly round-up of the enterprise IT news, sign up for the Tech Update newsletter.
Have your say instantly, and see what others have said. Go to the ZDNet news forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
23 out of 53 people found this useful
- Share this article:
