Microsoft: Install fix for digital certificate flaw on all copies of Windows


Microsoft: Install fix for digital certificate flaw on all copies of Windows

Cliff Saran
Microsoft has released a patch for every desktop operating system it ships to fix a major flaw in the way its Internet Explorer Web browser handles digital certificates.

Users of all versions of Windows including Windows XP, XP 64-bit Edition, Windows 2000, Windows NT 4.0 and Windows NT 4.0 Terminal Services have been advised to download the patch from the Microsoft security site.

In a security bulletin Microsoft said: "Download [the patch] now to stop a Web site or HTML e-mail from deleting digital certificates on your computer and preventing you from using the services they are associated with."

Once the patch has been downloaded Microsoft said users would need to reboot their machines. The patch is being made available today through Microsoft's Windows Update programme.

The flaw in the secure socket layer protocol that controls digital certificate authentication in Internet Explorer also affects the open source Mozilla browser. But while a patch for Mozilla has been available for a number of weeks Microsoft has only now released its fix.

Speaking last week to, Stuart Okin, chief security officer at Microsoft said a patch would take longer to develop as the SSL flaw affects the "CryptoAPI", a function of the operating system. As a result he said Microsoft needed to develop and test a patch for all versions of the Windows operating system.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy