All versions of Windows ship with an ActiveX control known as the Certificate Enrollment Control, the purpose of which is to allow Web-based certificate enrollments. The control contains a flaw that could enable a Web page, through an extremely complex process, to invoke the control in a way that would delete certificates on a user?s system. An attacker who successfully exploited the vulnerability could corrupt trusted root certificates, EFS encryption certificates, e-mail signing certificates, and any other certificates on the system, thereby preventing the user from using these features.
A new version of the control is available that corrects the vulnerability and can be installed via the patch. As discussed in the Caveats section, customers who operate Web sites that use the Certificate Enrollment Control will need to make minor revisions to their Web applications in order to use the new control. Microsoft Knowledge Base article Q323172 details how to do this. In addition, the patch addresses a similar, but less serious vulnerability discovered in the SmartCard Enrollment control. This control ships with Windows 2000 and Windows XP. A new version of this control is also provided.
Like it? Share with your friends!
Other Windows Software of Developer «Microsoft»:
Office XP: XML Schema for Smart Tag Lists Smart tags are a powerful new feature in Microsoft Word 2002, Microsoft Excel 2002, and Microsoft Outlook 2002 (when Word is enabled as the e-mail editor). Developers can create custom solutions to label specific text with relevant contextual actions. For
Microsoft Project Server 2002 Update: August 20, 2002 The Microsoft Project Server 2002 Update: August 20, 2002 offers you the highest levels of performance and security available for Microsoft Project Server 2002. This update addresses a security issue with the Office Web Components, included with Microsoft
Network Installation Wizard, Version 2.1 for Office 97 The Network Installation Wizard version 2.1 allows you to modify Setup information files to create a customized network installation of Office 97. If you install Office in batch mode (without user interaction), Setup installs the software using the default
Exchange 2000 Server SDK Documentation and Samples March 2007 Exchange 2000 Server SDK Documentation and Samples March 2007 assist developers building applications for Exchange 2000 Server. It provides new and updated information and sample code to help you develop collaborative enterprise applications with Exchange.
BizTalk Accelerator for HIPAA 1.0 Service Pack 1 BizTalk Accelerator for HIPAA 1.0 SP1 is required for BizTalk Server 2002. You must install BizTalk Accelerator for HIPAA 1.0 SP1 before running Accelerator for HIPAA on BizTalk Server 2002. Although you can install Accelerator for HIPAA 1.0 on BizTalk Ser
Windows Mobile Professional Developer Tool Kit Windows Mobile Professional Developer Tool Kit adds documentation, sample code, header and library files, emulator images and tools to Visual Studio that let you build applications for Windows Mobile 6.5. This document contains important information about
Project Server 2003 Installation Guide Project Server 2003 Installation Guide is a guide covers the installation of Microsoft Office Project Server 2003 and Project Server 2003 Installation Guide is related components, including migrating to Project Server 2003 from Microsoft Project Server 200
Gigabyte GA-990FXA-UD3 (rev. 1.0) Microsoft UAA Driver Specifications:CPU: - AM3+ Socket: - Support for AMD AM3+ FX processors - Support for AMD AM3 Phenom II processors / AMD Athlon II processors Hyper Transport Bus: - 5200 MT/sChipset: - North Bridge: AMD 990FX - South Bridge: AMD SB950Memory: - 4 x 1.5V DD
Project 2003 Software Development Kit Project 2003 Software Development Kit is designed for solution providers, value-added resellers, and other developers to help customize Project 2003, and to extend and integrate Project Server 2003 with other applications for Enterprise Project Management.
Padlock Encryptor Demo Using an ultra-secure encryption algorithm accessed with a user-defined 8 to 15 character password, Padlock Encryptor is the ultimate in data protection for users on the go. Designed with a small footprint and compact interface to fit on small personal sto
Windows 2000 IIS5 Specialized Header Vulnerability Patch From the developer: "If an IIS server receives a file request that contains a specialized header as well as one of several particular characters at the end, the expected ISAPI extension processing may not occur. The result is that the source code of the fi
FileStream Secure Disk FileStream Secure Disk is the perfect solution for protecting sensitive information from theft and other attacks. It makes a part or all of your hard disk, USB flash drive, or removable drive, into a secure vault, which can be accessed like any drive excep
Office Password Remover Office Password Remover allows you to remove an "open" password in MS Word and Excel documents. The search for a decryption key is done on the online document decryption server, while the actual decryption is executed on your computer. This technology prov
PkiImage Free Edition pkiImage Free Edition is a software for encrypting and digitally signing images (.jpg, .bmp., .png) which operates with X.509 certificates. X.509 certificates are part of PKI infrastructure.
Using this software you can:
- encrypt images for your frien
Cryptra Cryptra is an unbreakable encryption program for sending encrypted email attachments and/or the secure uploading of off-site backup files to remote servers. One Time Pad (OTP) encryption is used with a True Random Number OTP file. This program builds you
iFufi2 iFufi2 is a PC Alarm and presence simulator program that can be used as an alarm or for scare thieves. It uses your microphone and mouse as a sensor, your speakers as an alarm siren. You can add your personal alarm sounds (wav, mp3). A series of alarm soun
EldoS PKI Tools EldoS PKI Tools is set of programs designed for encryption and signing of files using X.509 certificates and for management of these certificates. With File Processor you can easily sign, encrypt, decrypt files, or verify signatures just in a couple of cli
GoCrypt Basic GoCrypt locally encrypts your data on your smartphone, tablet or PC. After the encryption the protected files can be safely transfered to your Dropbox, GDrive or other cloud or you can safely send them via email. Thanks to the secure AES encryption directl
Protectorion Strong and quick encryption for all file types. Secure and recognized industry standard AES 256 bit. Encryption and decryption of folders and files with a mouse click. Safe transportation and exchange of encrypted files. Strong encryption for file on USB f
Supported Operating Systems:
Windows XP |
Comments on Windows Certificate Enrollment Control Vulnerability Patch (Windows XP 64-bit):
Comments not found
Windows Software - Free Windows Downloads, Apps, Games, Freeware, Skype, Media Player, Antivirus, Gimp, Live, Starter for Windows XP, Vista, 7, 8, 10