Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)

Hotfix to fix Certificate Validation Flaw (Q329115) is not installed. The vulnerability could enable an attacker who had a valid end-entity certificate to issue a subordinate certificate that, although bogus, would nevertheless pass validation. Because CryptoAPI is used by a wide range of applications, this could enable a variety of identity spoofing attacks. Impact of vulnerability: Identity spoofing. Maximum Severity Rating: Critical Recommendation: Administrators should install the patch immediately. Affected Software: Microsoft Windows 98 Microsoft Windows 98 Second Edition Microsoft Windows Me Microsoft Windows NT 4.0 Microsoft Windows NT 4.0, Terminal Server Edition Microsoft Windows 2000 Microsoft Windows XP Microsoft Office for Mac Microsoft Internet Explorer for Mac Microsoft Outlook Express for Mac See http://www.microsoft.com/technet/security/bulletin/ms02-050.mspx