Flaw: Microsoft Certificate validation

Microsoft has advised a flaw in the way some of its applications handle the "Basic Constraints" field in a X.509 certificate could be exploited to spoof the identity of a user. The identity theft could be used to send digitally signed e-mail messages with the stolen certificate.

The flaw affects Windows 98 and up, NT, and XP.

For more, see the security release.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about Microsoft

Show Comments