| ActiveMac | Anonymous | Create a User | Reviews | News | Forums | Advertise |
|
|
|
User Controls |
|
New User |
|
Login |
|
Edit/View My Profile |
|
|
|
|
|
|
|
ActiveMac |
|
Articles |
|
Forums |
|
Links |
|
News |
|
News Search |
|
Reviews |
|
|
|
|
|
|
|
News Centers |
|
Windows/Microsoft |
|
DVD |
|
ActiveHardware |
|
Xbox |
|
MaINTosh |
|
News Search |
|
|
|
|
|
|
|
ANet Chats |
|
The Lobby |
|
Special Events Room |
|
Developer's Lounge |
|
XBox Chat |
|
|
|
|
|
|
|
FAQ's |
|
Windows 98/98 SE |
|
Windows 2000 |
|
Windows Me |
|
Windows "Whistler" XP |
|
Windows CE |
|
Internet Explorer 6 |
|
Internet Explorer 5 |
|
Xbox |
|
DirectX |
|
DVD's |
|
|
|
|
|
|
|
TopTechTips |
|
Registry Tips |
|
Windows 95/98 |
|
Windows 2000 |
|
Internet Explorer 4 |
|
Internet Explorer 5 |
|
Windows NT Tips |
|
Program Tips |
|
Easter Eggs |
|
Hardware |
|
DVD |
|
|
|
|
|
|
|
Latest Reviews |
|
Applications |
|
Microsoft Windows XP Professional |
|
Norton SystemWorks 2002 |
|
|
|
Hardware |
|
Intel Personal Audio Player 3000 |
|
Microsoft Wireless IntelliMouse Explorer |
|
|
|
|
|
|
|
Site News/Info |
|
About This Site |
|
Affiliates |
|
ANet Forums |
|
Contact Us |
|
Default Home Page |
|
Link To Us |
|
Links |
|
Member Pages |
|
Site Search |
|
Awards |
|
|
|
|
|
|
|
Credits |
 |
Microsoft Security Bulletin MS01-027 : Flaws in Web Server Certificate Validation Could Enable Spoofing | |
|
||
| Time: 21:08 EST/02:08 GMT | News Source: Microsoft TechNet Security | Posted By: Will1 | ||
|
A patch is available to eliminate two newly discovered vulnerabilities affecting Internet Explorer 5.01 and 5.5, both of which could enable an attacker to spoof trusted web sites. The first vulnerability involves how digital certificates from web servers are validated. When CRL checking for such certificates is enabled, it could be possible for any or all of the following checks to no longer be performed:
The second vulnerability could enable a web page to display the URL from a different web site in the IE address bar. This spoofing could occur within a valid SSL session with the impersonated site. Both vulnerabilities could be used to convince a user that the attacker’s web site was actually a different one – one that the user presumably trusts and would provide sensitive information to. However, as discussed in the Mitigating Factors section below, there would be significant hurdles to exploiting either vulnerability. Download locations for this patch: http://www.microsoft.com/windows/ie/download/critical/q295106/default.asp | ||
|
Write Comment
Return to News |
Displaying 1 through 25 of 148 Last | Next |
The time now is
2:16:19 AM
ET.
Any comment problems? E-mail us |
| #1 By 20 (Unknown) at 5/17/2001 11:48:00 AM |
|
Would you prefer there be no patches to these bugs? If you think this is bad, check out www.redhat.com! |
|
Write Comment
Return to News |
Displaying 1 through 25 of 148 Last | Next |
The time now is
2:16:19 AM
ET.
Any comment problems? E-mail us |
