All versions of Windows ship with an ActiveX control known as the Certificate Enrollment Control, the purpose of which is to allow Web-based certificate enrollments. The control contains a flaw that could enable a Web page, through an extremely complex process, to invoke the control in a way that would delete certificates on a user?s system. An attacker who successfully exploited the vulnerability could corrupt trusted root certificates, EFS encryption certificates, e-mail signing certificates, and any other certificates on the system, thereby preventing the user from using these features.
A new version of the control is available that corrects the vulnerability and can be installed via the patch. As discussed in the Caveats section, customers who operate Web sites that use the Certificate Enrollment Control will need to make minor revisions to their Web applications in order to use the new control. Microsoft Knowledge Base article Q323172 details how to do this. In addition, the patch addresses a similar, but less serious vulnerability discovered in the SmartCard Enrollment control. This control ships with Windows 2000 and Windows XP. A new version of this control is also provided.
Like it? Share with your friends!
Other Windows Software of Developer «Microsoft»:
Update for Office 2007 (KB934391) Microsoft has released an update for the 2007 Microsoft Office system. Update for Office 2007 (KB934391) is an update that fixes conversion issues for SmartArt objects when a document is opened in an earlier Office program when you use the Microsoft Office
Cumulative Security Update for Outlook Express 6 (KB837009) This update addresses the vulnerability discussed in Microsoft Security Bulletin MS04-013. A security issue has been identified in Microsoft Outlook Express that could allow an attacker to read files on your computer, or cause a program to run. You can hel
Microsoft Dynamics CRM 2011 E-mail Router (32-bit) Microsoft Dynamics CRM 2011 E-mail Router (32-bit) is an interface between the Microsoft Dynamics CRM system and one or more Exchange servers or POP3 servers for incoming e-mail, and one or more SMTP or Exchange servers for outgoing e-mail. E-mail messages
Security Update for Word 2003 (KB929057) A security vulnerability exists in Microsoft Office Word 2003 that could allow arbitrary code to run when a maliciously modified file is opened. This update resolves that vulnerability. This version is the first release on CNET Download.com.What is new in
Platform SDK Comctl32 Redistributables 5.80.2614.3600 (x86) Platform SDK Comctl32 Redistributables 5.80.2614.3600 (x86) is the ComCtl32 redistributable (x86) for Windows 9x and Windows NT 4.0. This version is the first release on CNET Download.com.What is new in this release:This version is the first release on CNE
GDC 2007: XNA Game Studio Express Building games for Windows and Xbox 360 has never been easier. With XNA Game Studio Express, hobbyist and casual game developers can see their visions come to light in a matter of minutes instead of months. Come see XNA Game Studio Express in action and le
xcept.me xcept.me is an invention to protect secret inside USB drives by pairing them with authorized computers. I shall no longer worry to lose my secret. Even the password is cracked, no one could access the information inside, except me.Tiny but high volume USB
Double Password Double Password creates a key to your OS, writes it onto a USB gadget and voila: no one, except you can log into your Windows. You can configure the program so, that it will allow your system to operate only if your flash drive is inserted. Double Password
IM Lock Professional 2006 IM Lock is powerful desktop Internet policy software for employers and parents. IM Lock blocks instant messengers, P2P file-sharing, streaming media applications, Online gaming, chat rooms, blogs, and browsers.Requirements:Windows NT/2000/XP/2003 ServerLim
Cipher Image Hide your valuable information from unauthorized access. Use this easy software for encoding images and hiding valuable textual info into the image (steganographie). Several encrypted images together with hidden text could be saved into one file. Easy to u
WinXAR WinXAR is a security utility which allows you to encrypt, decrypt, rename automatically and shred folders and files for Windows 98/ME/NT/2000/XP/2003. You will not worry about your sensitive or private documents any more, especially when they are emailed o
OpenOffice Calc Password Recovery Calc Password Recovery will enable you to recover lost passwords and remove protection from spreadsheets created in OpenOffice Calc. The program supports all types of spreadsheets, recovers all types of passwords and removes all types of protection.
PDF NoCopy PDF NoCopy for Desktop is simple, easy and free program that helps you, the user, to add DRM (Digital Rights Management) restrictions to your PDF file. By Adding DRM restrictions you actually disable the copy paste function in your PDF file and protect it
Keynesis Lockngo Lockngo Encrypts and password protect flash drives, portable drives, removable disks and external hard drives by encrypting their file systems and hiding their content. When locked, Lockngo does not allow writing new files and does not show the locked data
VSCryptoHash VSCryptoHash is a cryptographic hash calculation software. Simply drag and drop files (or type the text) in this calculator and hash string for the files (or for entered text) will be immediately displayed. Great tool for network administrators and webmast
StrongDisk Pro StrongDisk Pro Base is designed for secure protection of sensitive data, to which one user at a time has access. StrongDisk Pro allows: To protect any information on a NoteBook or Workstation. To hide the very fact of existence of sensitive data. Instantly
Supported Operating Systems:
Windows XP |
Comments on Windows Certificate Enrollment Control Vulnerability Patch (Windows XP 64-bit):
Comments not found
Windows Software - Free Windows Downloads, Apps, Games, Freeware, Skype, Media Player, Antivirus, Gimp, Live, Starter for Windows XP, Vista, 7, 8, 10