Attackers can delete digital certificates
vnunet.com, 30 Aug 2002
Microsoft has found another critical security flaw in all its versions of Windows released since Windows 98.
The flaw allows attackers to delete digital certificates. On its website the Microsoft said that an infiltrator abusing the flaw could launch an attack via email or a website to gain unauthorised entry into a system and delete the certificates.
Deleting certificates would stop a user from being able to encrypt or sign emails.
Microsoft said: "Through this vulnerability, an attacker could potentially delete digital certificates on a user's system, thereby preventing the user from having access to certain functions."
The company has rated the security flaw as "critical", and has made a patch available on its technical website.
The versions of Windows that are vulnerable include Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000 and Windows XP.
According to Microsoft, Internet Explorer software can be reconfigured to defend against an attack.
The company launched a 'trustworthy computing' campaign earlier this year to improve the security of all its software.
A Guide to Windows' Flaws and Vulnerabilities, by Bill Gates
Microsoft must keep its word over 'trustworthy computing'
Microsoft's conversion to "trustworthy computing" has less to do with protecting enterprise networks than easing the strain on the company's developers, according to a US security consultant
First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1
Google's announcement this week that it plans to step into...
Do you agree?
Have your say on this article