Odds and Ends: Microsoft Security Bulletin warns of Internet Explorer, Office, Outlook Breach
Microsoft has issued a security bulletin entitled "Certificate Validation Flaw Could Enable Identity Spoofing" detailing a problem that affects Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac.
Microsoft has given the flaw a rating of "critical" and says administrators should apply a patch, which is not yet available for the Mac, immediately. The company's technical description is as follows:
"The vulnerability could enable an attacker who had a valid end-entity certificate to issue a subordinate certificate that, although bogus, would nevertheless pass validation. Because CryptoAPI is used by a wide range of applications, this could enable a variety of identity spoofing attacks. These are discussed in detail in the FAQ, but could include:
- Setting up a web site that poses as a different web site, and "proving" its identity by establishing an SSL session as the legitimate web site.
- Sending emails signed using a digital certificate that purportedly belongs to a different user.
- Spoofing certificate-based authentication systems to gain entry as a highly privileged user."
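
To make the description concrete, here is an added example (not Microsoft's code and not from the bulletin) of the check a chain validator needs so that a certificate issued by an end-entity certificate is rejected. It assumes the standard X.509 rule that only a certificate marked as a CA in its Basic Constraints may issue others; certificates are modelled as plain records, signature verification is reduced to comparing key labels, and every name and key label is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str      # subject name of the certificate that issued this one
    signer_key: str  # stand-in for "the signature verifies under this key"
    public_key: str
    is_ca: bool      # Basic Constraints cA flag


def validate_chain(chain, trusted_roots, enforce_ca_flag=True):
    """Validate a chain ordered leaf first. Returns (ok, reason)."""
    if not chain:
        return False, "empty chain"
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False, f"{child.subject}: issuer name does not chain"
        if child.signer_key != parent.public_key:
            return False, f"{child.subject}: signature does not verify"
        # The decisive check: names and signatures can all be consistent
        # while the issuer was never authorised to issue certificates.
        if enforce_ca_flag and not parent.is_ca:
            return False, f"{parent.subject}: issued a certificate but is not a CA"
    if chain[-1] not in trusted_roots:
        return False, f"{chain[-1].subject}: not a trusted root"
    return True, "ok"


# Constructed sample data (hypothetical names and key labels).
ROOT = Cert("Example Root CA", "Example Root CA", "k-root", "k-root", True)
ISSUING_CA = Cert("Example Issuing CA", "Example Root CA", "k-root", "k-int", True)
GOOD_LEAF = Cert("www.other.example", "Example Issuing CA", "k-int", "k-leaf", False)
# A valid end-entity certificate, and a subordinate certificate signed with it.
HOLDER = Cert("www.holder.example", "Example Root CA", "k-root", "k-holder", False)
BOGUS = Cert("www.other.example", "www.holder.example", "k-holder", "k-bogus", False)

if __name__ == "__main__":
    roots = (ROOT,)
    print("no CA check :", validate_chain([BOGUS, HOLDER, ROOT], roots, enforce_ca_flag=False))
    print("with CA check:", validate_chain([BOGUS, HOLDER, ROOT], roots))
    print("legitimate  :", validate_chain([GOOD_LEAF, ISSUING_CA, ROOT], roots))
```

Without the CA check the bogus chain validates because every name and signature lines up; with it, validation stops at the end-entity certificate that acted as an issuer.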