ITsVISTA
Information that makes life easier when it comes to installing, managing, and using Windows Vista.
Start About FAQ Blogroll Shop

ITsVISTA KB-Link: KB974571

Vulnerabilities in Windows CryptoAPI Could Allow Spoofing

UpdatesDescription: This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. The security update addresses the vulnerabilities by modifying the CryptoAPI to reject certificate names that contain null terminators, and to correctly validate ASN.1 object identifiers.

Update type: Important

Release date: October 13, 2009

Applies to: All versions

Knowledge base: http://support.microsoft.com/kb/974571

Download link: 32-bit | 64-bit
Comments:Here are the specifics on the vulnerabilities covered by this update:

  • Null Truncation in X.509 Common Name Vulnerability – CVE-2009-2510
  • Integer Overflow in X.509 Object Identifiers Vulnerability – CVE-2009-2511
There is a download that resolves this issue.

For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB974571.

Get notified of new posts for FREE via RSS or E-mail

Subscribe to ITsVISTA!

Related Posts