The host is installed with Microsoft Windows operating system and is prone to spoofing vulnerability. This NVT has been superseded by KB2718704 Which is addressed in NVT gb_unauth_digital_cert_spoofing_vuln.nasl (OID:22.214.171.124.4.1.256126.96.36.1992634).
Successful exploitation will allow remote attackers to spoof content, perform phishing attacks or perform man-in-the-middle attacks against all Web browser users including users of Internet Explorer. Impact Level: System
Apply the Patch from below link, For updates refer to http://support.microsoft.com/kb/2641690
The flaw is due to an error when handling the fraudulent digital certificates issued by Entrust and GTE CyberTrust. It is not properly validating its identity.
Windows 7 Service Pack 1 and prior Windows XP Service Pack 3 and prior Windows Vista Service Pack 2 and prior Windows Server 2003 Service Pack 2 and prior Windows Server 2008 Service Pack 2 and prior
- Microsoft SMB Signing Information Disclosure Vulnerability
- Microsoft Windows Fraudulent Digital Certificates Spoofing Vulnerability
- MS IE Information Disclosure and Web Site Spoofing Vulnerabilities
- MS Windows Fraudulent Digital Certificates Spoofing Vulnerability (2641690)