Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

IP: Microsoft releases Erroneous VeriSign-Issued Digital Certificate Spoofing Hazard Patch

From: David Farber <dave () farber net>
Date: Sat, 31 Mar 2001 09:48:49 -0500



Date: Sat, 31 Mar 2001 05:58:27 -0800
From: Rick Hornbeck <rick_hornbeck () pacbell net>
Subject: Microsoft releases Erroneous VeriSign-Issued Digital Certificate
 Spoofing Hazard Patch
To: dave () farber net
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
Importance: High

Dave:

This may be of interest to your readers. For some reason this hasn't
received the 'buzz' it deserves, given its potentially serious
ramifications.

Regards,

------------------------------------------
Rick Hornbeck
Hornbeck Consulting
556 S. Fair Oaks Ave., Suite 346
Pasadena, CA 91105
Rick_Hornbeck () pacbell net
(cell) +1 323 363-2151
(efax) +1 603 947-5825
------------------------------------------


According to Microsoft's Security Bulletin, posted at:

http://www.microsoft.com/technet/security/bulletin/MS01-017.asp

the Erroneous VeriSign-Issued Digital Certificate Spoofing Hazard Patch can
be downloaded at:

http://www.microsoft.com/downloads/release.asp?ReleaseID=28888

and which contains the following note:

This update resolves the "Erroneous VeriSign-Issued Digital Certificates
Pose Spoofing Hazard" security vulnerability, and is discussed in Microsoft
Security Bulletin MS01-017. Download now to prevent an unauthorized user
from running code on your computer by digitally signing programs as
"Microsoft Corporation."

VeriSign, Inc. issued two VeriSign digital certificates to an individual who
fraudulently claimed to be a Microsoft employee; this allows the individual
to sign programs, ActiveX® controls, Office macros, and other executable
content as originating from "Microsoft Corporation." This update prevents
the two erroneously signed certificates from being accepted as valid.

===========================


------------------------------------------
Rick Hornbeck
Hornbeck Consulting
556 S. Fair Oaks Ave., Suite 346
Pasadena, CA 91105
Rick_Hornbeck () pacbell net
(cell) +1 323 363-2151
(efax) +1 603 947-5825
------------------------------------------




For archives see: http://www.interesting-people.org/
Previous By Date Next
Previous By Thread Next

Current thread: