Interesting People mailing list archives
IP: Microsoft releases Erroneous VeriSign-Issued Digital Certificate Spoofing Hazard Patch
From: David Farber <dave () farber net>
Date: Sat, 31 Mar 2001 09:48:49 -0500
Date: Sat, 31 Mar 2001 05:58:27 -0800 From: Rick Hornbeck <rick_hornbeck () pacbell net> Subject: Microsoft releases Erroneous VeriSign-Issued Digital Certificate Spoofing Hazard Patch To: dave () farber net X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0) Importance: High Dave: This may be of interest to your readers. For some reason this hasn't received the 'buzz' it deserves, given its potentially serious ramifications. Regards, ------------------------------------------ Rick Hornbeck Hornbeck Consulting 556 S. Fair Oaks Ave., Suite 346 Pasadena, CA 91105 Rick_Hornbeck () pacbell net (cell) +1 323 363-2151 (efax) +1 603 947-5825 ------------------------------------------ According to Microsoft's Security Bulletin, posted at: http://www.microsoft.com/technet/security/bulletin/MS01-017.asp the Erroneous VeriSign-Issued Digital Certificate Spoofing Hazard Patch can be downloaded at: http://www.microsoft.com/downloads/release.asp?ReleaseID=28888 and which contains the following note: This update resolves the "Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard" security vulnerability, and is discussed in Microsoft Security Bulletin MS01-017. Download now to prevent an unauthorized user from running code on your computer by digitally signing programs as "Microsoft Corporation." VeriSign, Inc. issued two VeriSign digital certificates to an individual who fraudulently claimed to be a Microsoft employee; this allows the individual to sign programs, ActiveX® controls, Office macros, and other executable content as originating from "Microsoft Corporation." This update prevents the two erroneously signed certificates from being accepted as valid. =========================== ------------------------------------------ Rick Hornbeck Hornbeck Consulting 556 S. Fair Oaks Ave., Suite 346 Pasadena, CA 91105 Rick_Hornbeck () pacbell net (cell) +1 323 363-2151 (efax) +1 603 947-5825 ------------------------------------------
For archives see: http://www.interesting-people.org/
Current thread:
- IP: Microsoft releases Erroneous VeriSign-Issued Digital Certificate Spoofing Hazard Patch David Farber (Mar 31)