Microsoft updates Windows to combat VeriSign glitch
Computerworld -
Microsoft Corp. today said it has completed a promised software update for all of its Windows operating system releases dating back to 1995 as part of an effort to combat a pair of fraudulent digital certificates that were mistakenly issued by VeriSign Inc.
Microsoft also plans to send e-mail messages announcing the availability of the update to more than 130,000 users who subscribe to its security mailing list. The update, which can be downloaded from Microsoft's Web site, is meant to protect Windows users from security threats posed by the invalid digital certificates issued to an imposter claiming to be a Microsoft employee.
The problem first came to light last week, when both Microsoft and Mountain View, Calif.-based VeriSign posted warnings about the fraudulent certificates. Microsoft yesterday issued a new version of its advisory with detailed information about the software update.
Digital certificates are used to prove the origin and authenticity of software programs and data on the Internet, a key requirement for users who are downloading patches or software updates. VeriSign and other certificate issuers generate and digitally sign such certificates after first verifying the identity of the individual or organization that submitted the request.
But in this case, the two certificates issued by VeriSign in late January incorrectly list Microsoft as the owner. The danger, according to Microsoft, is that the fraudulent certificates "are of a type that can be used to digitally sign programs, including ActiveX controls and Office macros" -- a capability that a malicious attacker could use to try to trick users into thinking that unsafe software programs are bona fide Microsoft products.
"Because of the risk this issue poses, Microsoft has taken the unusual step of producing an update for every Windows operating system produced since 1995, regardless of whether it's normally supported or not," the software vendor said in the updated advisory. Users of all releases ranging from Windows 95 to the beta-test version of the upcoming Windows XP should install the update, Microsoft added.
The update should help ensure that software code "signed" by the two fraudulent certificates is recognized as invalid by users, the company said. After installing the update, users who try to install a program that has been authenticated by either certificate should see a warning dialogue that says the certificate has been revoked.
It would still be possible for users to override the warning and run the program, but Microsoft said it would "strongly recommend" against doing so. "The fact that a certificate has been revoked
