UpdatesDescription: This security update resolves two publicly disclosed vulnerabilities in Microsoft Windows. The vulnerabilities could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. The security update addresses the vulnerabilities by modifying the CryptoAPI to reject certificate names that contain null terminators, and to correctly validate ASN.1 object identifiers.

Update type: Important

Release date: October 13, 2009

Applies to: All versions

Knowledge base: http://support.microsoft.com/kb/974571

Download link: 32-bit | 64-bit
Comments:Here are the specifics on the vulnerabilities covered by this update:

  • Null Truncation in X.509 Common Name Vulnerability – CVE-2009-2510
  • Integer Overflow in X.509 Object Identifiers Vulnerability – CVE-2009-2511

Leave a Reply