Computerworld

Flaw: Microsoft Certificate validation

Microsoft has advised a flaw in the way some of its applications handle the "Basic Constraints" field in a X.509 certificate could be exploited to spoof the identity of a user. The identity theft could be used to send digitally signed e-mail messages with the stolen certificate.

The flaw affects Windows 98 and up, NT, and XP.

For more, see the security release.