Tweet
Microsoft has issued a security alert for a group of programs on both the Windows and Macintosh platforms.
They include:
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
Microsoft Windows NT® 4.0
Microsoft Windows NT 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Office for Mac
Microsoft Internet Explorer for Mac
Microsoft Outlook Express for Mac
Learn how this flaw could affect you
Excerpt:
"Microsoft issued a security alert, calling the flaw "critical." The flaw affects how more than a dozen Microsoft products, including programs for Windows and the Macintosh, handle digital certificates, which are used to certify the authenticity of a Web site or of software code.
The flaw could let a Web site with a valid certificate issue a second, invalid one, which could enable unauthorized access to a computer as well as, among other things, the theft of user passwords or credit card numbers.
"You're on my site and I say, 'Click here to go to Amazon.com.' But I don't really take you to Amazon.com. I can pretend to be Amazon.com and get you to enter in your credit card number," explained Gartner analyst John Pescatore.
Experts were quick to point out that, so far, it is unlikely anyone has taken advantage of the flaw , but they also say that the implications of the flaw could be widespread, since it affects one of Windows' key security-authentication mechanisms, called CryptoAPI, which is also used by many non-Microsoft programs that run on Windows. Analysts also warned that the problem, if exploited, could undermine consumers' confidence in conducting transactions over the Web. "
Download the patches for this flaw
They include:
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
Microsoft Windows NT® 4.0
Microsoft Windows NT 4.0, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Office for Mac
Microsoft Internet Explorer for Mac
Microsoft Outlook Express for Mac
Learn how this flaw could affect you
Excerpt:
"Microsoft issued a security alert, calling the flaw "critical." The flaw affects how more than a dozen Microsoft products, including programs for Windows and the Macintosh, handle digital certificates, which are used to certify the authenticity of a Web site or of software code.
The flaw could let a Web site with a valid certificate issue a second, invalid one, which could enable unauthorized access to a computer as well as, among other things, the theft of user passwords or credit card numbers.
"You're on my site and I say, 'Click here to go to Amazon.com.' But I don't really take you to Amazon.com. I can pretend to be Amazon.com and get you to enter in your credit card number," explained Gartner analyst John Pescatore.
Experts were quick to point out that, so far, it is unlikely anyone has taken advantage of the flaw , but they also say that the implications of the flaw could be widespread, since it affects one of Windows' key security-authentication mechanisms, called CryptoAPI, which is also used by many non-Microsoft programs that run on Windows. Analysts also warned that the problem, if exploited, could undermine consumers' confidence in conducting transactions over the Web. "
Download the patches for this flaw
Comment