News

Microsoft: Install fix for digital certificate flaw on all copies of Windows

Cliff Saran
Microsoft has released a patch for every desktop operating system it ships to fix a major flaw in the way its Internet Explorer Web browser handles digital certificates.

Users of all versions of Windows including Windows XP, XP 64-bit Edition, Windows 2000, Windows NT 4.0 and Windows NT 4.0 Terminal Services have been advised to download the patch from the Microsoft security site.

In a security bulletin Microsoft said: "Download [the patch] now to stop a Web site or HTML e-mail from deleting digital certificates on your computer and preventing you from using the services they are associated with."

Once the patch has been downloaded Microsoft said users would need to reboot their machines. The patch is being made available today through Microsoft's Windows Update programme.

The flaw in the secure socket layer protocol that controls digital certificate authentication in Internet Explorer also affects the open source Mozilla browser. But while a patch for Mozilla has been available for a number of weeks Microsoft has only now released its fix.

Speaking last week to CW360.com, Stuart Okin, chief security officer at Microsoft said a patch would take longer to develop as the SSL flaw affects the "CryptoAPI", a function of the operating system. As a result he said Microsoft needed to develop and test a patch for all versions of the Windows operating system.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy