Vulnerabilities in Windows CryptoAPI Could Allow Spoofing
Description: This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. The security update addresses the vulnerabilities by modifying the CryptoAPI to reject certificate names that contain null terminators, and to correctly validate ASN.1 object identifiers.
Update type: Important
Release date: October 13, 2009
Applies to: All versions
Knowledge base: http://support.microsoft.com/kb/974571
- Null Truncation in X.509 Common Name Vulnerability – CVE-2009-2510
- Integer Overflow in X.509 Object Identifiers Vulnerability – CVE-2009-2511
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB974571.
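The two classes of check named in the Description, shown as an added C example; this is an illustration, not Microsoft's CryptoAPI code. All function names and sample bytes are constructed for the example, and 32-bit OID arcs are an assumption.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a length-counted CN with an embedded NUL (30 bytes). */
static const unsigned char SAMPLE_CN[] = "www.example.com\0.attacker.test";

/* Naive: treats the CN as a C string, so comparison stops at the first NUL. */
int naive_cn_match(const unsigned char *cn, size_t cn_len, const char *host) {
    (void)cn_len; /* the encoded length is ignored, which is the defect */
    return strcmp((const char *)cn, host) == 0;
}

/* Strict: reject any embedded NUL, then compare over the full encoded length.
   Exact byte match for brevity; real hostname matching is case-insensitive. */
int strict_cn_match(const unsigned char *cn, size_t cn_len, const char *host) {
    size_t host_len = strlen(host);
    if (memchr(cn, 0, cn_len) != NULL) return 0;
    return cn_len == host_len && memcmp(cn, host, host_len) == 0;
}

/* Decode one base-128 OID arc into 32 bits. Returns bytes consumed, or 0 if
   the arc is truncated, non-minimal, or would overflow the 32-bit result. */
size_t decode_oid_arc(const unsigned char *p, size_t len, uint32_t *out) {
    uint32_t v = 0;
    if (len == 0 || p[0] == 0x80) return 0;      /* empty or padded encoding */
    for (size_t i = 0; i < len; i++) {
        if (v > (UINT32_MAX >> 7)) return 0;     /* next shift would wrap */
        v = (v << 7) | (uint32_t)(p[i] & 0x7F);
        if (!(p[i] & 0x80)) { *out = v; return i + 1; }
    }
    return 0;                                    /* continuation bit never cleared */
}

int main(void) {
    const unsigned char arc[]  = {0x86, 0xF7, 0x0D};             /* constructed: 113549 */
    const unsigned char wrap[] = {0x90, 0x80, 0x80, 0x80, 0x00}; /* constructed: 2^32 */
    size_t n = sizeof SAMPLE_CN - 1, used;
    uint32_t v = 0;
    printf("naive=%d strict=%d\n", naive_cn_match(SAMPLE_CN, n, "www.example.com"),
           strict_cn_match(SAMPLE_CN, n, "www.example.com"));
    used = decode_oid_arc(arc, sizeof arc, &v);
    printf("arc: used=%zu value=%u\n", used, (unsigned)v);
    used = decode_oid_arc(wrap, sizeof wrap, &v);
    printf("oversized arc: used=%zu (0 means rejected)\n", used);
    return 0;
}
```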