Description: This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. The security update addresses the vulnerabilities by modifying the CryptoAPI to reject certificate names that contain null terminators, and to correctly validate ASN.1 object identifiers.
Update type: Important
Release date: October 13, 2009
Applies to: All versions
Knowledge base: http://support.microsoft.com/kb/974571