Moderately critical

Microsoft Windows Certificate Chain vulnerability


Release Date:  2002-12-30    Last Update:  2003-01-27    Views:  21,790

Secunia Advisory SA7793

Where:

From remote

Impact:

System access

Solution Status:

Unpatched

CVE Reference(s):

No CVE references.

Description


Microsoft Windows is flawed in the way it trusts certificates. Windows File Protection automatically trusts software that has been digitally signed with a certificate chaining to any of the Trusted Root Certification Authorities.

Malicious persons can abuse this to sign maliciously designed code and install it on systems without alerting the user, because Windows "trusts" a chain to any root certificate even when that certificate is only meant for signing SSL certificates and not for signing code (the certificate's intended purpose is not enforced). This can be done anonymously by obtaining a certificate from:
http://www.freessl.com/

Windows is also designed to trust every previously published version of code listed in .CAT files. This allows malicious persons to replace current code with an old, buggy and vulnerable version that is still trusted.

This problem exists even if MS02-050 has been applied to prevent identity spoofing with digital signatures.


Solution:
In our opinion no operating system or software should trust the source or origin of software or digital signatures by default; this should always be verified by a system administrator or other capable person. We recommend that you configure your Windows systems to trust as few root certificates as possible and instruct your users about the consequences (i.e. they are prompted with a certificate warning each time they visit an SSL site whose certificate chains to a root that has been removed).
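The following PowerShell is an added example; it is not part of the Secunia advisory and not a Microsoft tool. It shows the check the Description says Windows did not enforce (that the chain behind an Authenticode signature is permitted for code signing, EKU 1.3.6.1.5.5.7.3.3, rather than merely rooted in a trusted CA) and, for the Solution above, an inventory of the machine's trusted roots with the purposes each declares. It assumes Windows PowerShell 5.1 or later; the file path in the usage lines is a placeholder supplied by the caller.

```powershell
# Added example, not from the Secunia advisory or any Microsoft tool.
# Assumptions: Windows PowerShell 5.1+; $Path is a signed PE file chosen
# by the caller (the path at the bottom is a placeholder).

$CodeSigningEku = '1.3.6.1.5.5.7.3.3'   # id-kp-codeSigning

function Test-CodeSigningChain {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        # Signature missing, broken or untrusted: nothing further to check.
        return [pscustomobject]@{
            Path = $Path; Signer = $null; Root = $null
            LeafHasCodeSigningEku = $false; ChainValidForCodeSigning = $false
            Detail = "Signature status: $($sig.Status)"
        }
    }

    $cert = $sig.SignerCertificate

    # 1. Does the signer's own certificate declare the code-signing purpose?
    $ekuExt = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $leafOk = $false
    if ($ekuExt) {
        $leafOk = [bool]($ekuExt.EnhancedKeyUsages | Where-Object { $_.Value -eq $CodeSigningEku })
    }

    # 2. Rebuild the chain with code signing as the required application
    #    policy, so every issuer up to the root must also be acceptable for
    #    that purpose. Caveat: CryptoAPI treats a certificate with no EKU
    #    extension as valid for all purposes, so an unrestricted root still
    #    passes; trimming the root store is the complement to this check.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.ApplicationPolicy.Add([System.Security.Cryptography.Oid]::new($CodeSigningEku)) | Out-Null
    # NoCheck keeps the example offline; use Online for real verification.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($cert)

    $detail = ($chain.ChainStatus | ForEach-Object { "$($_.Status): $($_.StatusInformation.Trim())" }) -join '; '
    if (-not $detail) { $detail = 'OK' }
    $root = $null
    if ($chain.ChainElements.Count -gt 0) {
        $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate.Subject
    }

    [pscustomobject]@{
        Path                     = $Path
        Signer                   = $cert.Subject
        Root                     = $root
        LeafHasCodeSigningEku    = $leafOk
        ChainValidForCodeSigning = $chainOk
        Detail                   = $detail
    }
}

# Inventory of the machine's trusted roots with the purposes each declares.
# An empty EKU column means the root is unrestricted, i.e. usable for code
# signing as well as SSL; those are the candidates to review or remove.
function Get-TrustedRootSummary {
    Get-ChildItem -Path Cert:\LocalMachine\Root |
        Select-Object Subject, NotAfter, Thumbprint,
            @{ Name = 'EKU'; Expression = { ($_.EnhancedKeyUsageList | ForEach-Object { $_.ObjectId }) -join ',' } }
}

# Usage (placeholder path; run in an elevated prompt to read LocalMachine\Root).
Test-CodeSigningChain -Path 'C:\path\to\signed.exe' | Format-List
Get-TrustedRootSummary | Sort-Object NotAfter | Format-Table -AutoSize
```

On current Windows versions WinVerifyTrust already applies the code-signing policy when Get-AuthenticodeSignature reports Valid, so ChainValidForCodeSigning normally agrees with it; a Valid status alongside LeafHasCodeSigningEku = False is the pattern the advisory describes and is worth investigating. Roots that declare no EKU can also be restricted to specific purposes from the Certificates MMC snap-in (certificate properties, "Enable only the following purposes") instead of being removed outright.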


Provided and/or discovered by:
Forensics.org



© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144