Odds and Ends: Microsoft Security Bulletin warns of Internet Explorer, Office, Outlook Breach

CNET staff

Microsoft Security Bulletin: Microsoft has issued a security bulletin entitled "Certificate Validation Flaw Could Enable Identity Spoofing" detailing a problem that affects Office for Mac, Internet Explorer for Mac, and Outlook Express for Mac.

Microsoft has given the flaw a rating of "critical" and says administrators should apply a patch - which is not yet available for the Mac - immediately. The company's technical description is as follows:

"The vulnerability could enable an attacker who had a valid end-entity certificate to issue a subordinate certificate that, although bogus, would nevertheless pass validation. Because CryptoAPI is used by a wide range of applications, this could enable a variety of identity spoofing attacks. These are discussed in detail in the FAQ, but could include:

  • Setting up a web site that poses as a different web site, and "proving" its identity by establishing an SSL session as the legitimate web site.
  • Sending emails signed using a digital certificate that purportedly belongs to a different user.
  • Spoofing certificate-based authentication systems to gain entry as a highly privileged user."
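
The quoted description does not name the check that was missing. The added example below (not Microsoft's or CNET's code) assumes it is the X.509 Basic Constraints check on every issuer in the chain, and uses a simplified certificate model with constructed names to contrast a validator that only follows issuer links with one that also requires each issuer to be a CA.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Cert:
    # Simplified model (assumption): real validation also verifies signatures,
    # validity dates, revocation status and key usage.
    subject: str
    issuer: str
    is_ca: bool                     # Basic Constraints cA flag
    path_len: Optional[int] = None  # Basic Constraints pathLenConstraint

def chain_links(chain, trusted_roots):
    """Chain is ordered leaf first. Checks issuer/subject linkage and the trust anchor."""
    for child, parent in zip(chain, chain[1:]):
        if child.issuer != parent.subject:
            return False
    return chain[-1] in trusted_roots

def validate_naive(chain, trusted_roots):
    """Flawed behaviour: linkage only, never asks whether an issuer may issue."""
    return chain_links(chain, trusted_roots)

def validate_strict(chain, trusted_roots):
    """Linkage plus Basic Constraints on every certificate that acted as an issuer."""
    if not chain_links(chain, trusted_roots):
        return False
    for below, issuer in enumerate(chain[1:]):
        if not issuer.is_ca:
            return False  # an end-entity certificate was used to sign another
        # 'below' counts the intermediate CA certificates under this issuer
        if issuer.path_len is not None and below > issuer.path_len:
            return False
    return True

# Constructed sample certificates (all names are hypothetical).
ROOT = Cert("Example Root CA", "Example Root CA", True)
ISSUING = Cert("Example Issuing CA", "Example Root CA", True, path_len=0)
HOLDER = Cert("mail.vendor.example", "Example Issuing CA", False)  # valid end-entity
BOGUS = Cert("www.bank.example", "mail.vendor.example", False)     # signed by HOLDER
ROOTS = {ROOT}

GOOD_CHAIN = [HOLDER, ISSUING, ROOT]
BOGUS_CHAIN = [BOGUS, HOLDER, ISSUING, ROOT]

if __name__ == "__main__":
    for name, chain in (("good", GOOD_CHAIN), ("bogus", BOGUS_CHAIN)):
        print(name, "naive:", validate_naive(chain, ROOTS),
              "strict:", validate_strict(chain, ROOTS))
```
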