BlackBerry Advisor BlackBerry reviews Win a BlackBerry

Expert Advice You Can Trust

News19,135 Articles

August 15, 2002

Security flaw is in Windows, not IE

Microsoft working on patch to fix OS

John Fontana

Microsoft has revealed that the SSL (Secure Sockets Layer) security flaw uncovered by researcher, Mike Benham, is not a problem within IE (Internet Explorer), but resides in multiple versions of the Windows operating system.

Microsoft said it is working on patches for Windows 98, Me, NT 4.0, 2000 and XP. It would not say when the patches would be available.

"This SSL flaw has been described as an [Internet Explorer] problem but it is a Windows issue…so we have to patch the OS," said Scott Culp manager of the Microsoft Security Response Centre.

He said it is an "implementation problem in the way SSL certificates are processed where information is not available in the certificate or it is available in two places and there is a conflict".

Culp said the flaw lies in code that performs validation of SSL certificate chains, meaning the hierarchy of trust that cascades from certificate authorities such as VeriSign. The OS must be patched because IE does not have its own cryptography code and must rely on the OS for that service, he said.

Microsoft officials said it makes sense for the OS to provide cryptographic services to any application that needs it instead of each application having to include its own cryptographic technology.

But Culp said the SSL flaw does not effect any other application outside IE and that it is a client side issue only.

"That's interesting, I'll have to do some more testing," said Mike Benham, an independent researcher who first reported the SSL flaw. "Possibly this is a second can of worms."

<<newer story | back to index | older story>>

Submit to:Digg Slashdot Del.icio.us Reddit

What is this?

Subscribe to PC Advisor now and claim your FREE gift

• FREE email newsletters. Get news, reviews and features straight to your inbox
• For videos of the latest products, visit PC Advisor TV
• Sign up for RSS to get the latest news and reviews, direct to your desktop
• Get PC Advisor news, reviews and blogs on your website for free

Keep up to date by adding PC Advisor News to your iGoogle home page or Google Reader

Question of the day!

Does your smartphone replace your need for a laptop when on the move?

Question of the day!

Does your smartphone replace your need for a laptop when on the move?

% of PC Advisor readers agree with you

Yes

TBC

No

TBC

Which parts of the desktop PC/laptop experience can't you get on your smartphone?

Tweet your answer here...

119 characters remaining

Follow the conversation at @SmartphoneFocus

web browsing, search facilities, voip, email, word processing everything RT @Graham_D_C

Mainly email but getting better at spreadsheets etc, RT @IDGdan

Search the web

Search reviews

Search news

Search blogs

best broadband deals

All packages Broadband bundles Broadband only

by Broadband Choices

Recent reviews

• Malwarebytes' Anti-Malware Free review
• Kodak ESP 5250 review
• Fujitsu LifeBook T4410 review
• Kodak ESP 3250 review
• Lenovo ThinkCentre A70z review
• Microsoft SideWinder X4 review
• Sony BDP-S360 review
• Acer Liquid review
• LaCie Sound2 review
• ASUS U50Vg review

Reviews index

Latest reader comments

• Jeff2 Its my family and girlfriend who use them and i just cant see the point. Facebook this...
• Bizzo. How can you HATE them if you don't use them? Surely it makes no difference that they're...
• I hate Facebook and Social networking sites. I mean, whats the actual point ? everyone who i...
• I sure do not need 1,000 characters to say that FB pisses me off. No consultation, no "would you...
• Hi Dave, Yes! apple are only doing EXACTLY THE SAME as Microsoft have done for years & years....

Latest reader comments

Top news

• ComScore: 2009 social networking stats
• Bing boings but Google grows
• Microsoft, Google join MediaTek to boost emerging market sales
• Samsung & LG to show social networking phones
• Google adds Nexus One phone support

News index

Latest blog entries

• Smartphone blogs: best apps, best phones, best freeware
• Smartphone focus: Twitter - will Apple, Google dislodge BlackBerry?
• Google plots instant translator for smartphone
• Free and friendly Windows security software? What's the catch?
• Google Books: time for a rethink?

Blogs index

 Our RSS feeds

Sponsored Content

• Take the internet to new places with the Nokia N800
  Communicate how you want to, where you want to with instant messaging, email and internet calling. View movies, browse the internet wirelessly and watch TV on the high-resolution screen and listen through high-quality stereo speakers with headphone jack.
  Buy now

Latest technology news:

• British Library to offer 65,000 free ebooks in Amazon deal
• More companies look to virtualisation says Citrix
• Antivirus programs fail to stop new malware
• NASA's Endeavour blasts off on last mission to space station
• Toyota in Prius global recall after braking software fault

Sponsored links

• New - BlackBerry Advisor Get hands-on with our exclusive Virtual BlackBerry handset and check out the latest reviews of BlackBerry smartphones and software.

• Crucial Memory Upgrades Go to Crucial.com and use either our Memory Advisor Tool or System Scanner to find a 100% compatible memory upgrade for your system, from the Best Memory Manufacturer of 2008! We offer free delivery, free technical support, and lifetime warranty.

• Award-winning Spyware Doctor with AntiVirus 2010 delivers powerful antivirus and antispyware protection using layered technologies to defend your PC. Download now for a free scan! Discover how our award-winning ThreatFire™ Behavioural Intelligence blocks new threats faster than traditional signature methods.

• PC Advisor Smartphone Focus Latest news and resources on how smartphones are facilitating mobile and flexible working in the enterprise. Find out more and join the discussion here.

• Custom built PCs Visit our website to see our full range of custom-built PCs. Customise any specification and have the order dispatched the next working day. A massive range of PCs - from £250 to £1,000-plus - and a full list of low-cost components are available.

• Free whitepaper Legal risks of uncontrolled email and web use.

• Free whitepaper Is social networking really bad for business?

• Free whitepaper Phishing for victims: Truth, myth and cybercrime.

• Free whitepaper Threat predictions, messaging security issues and trends for 2010.

• Free whitepaper Email archiving: Top 10 myths and challenges.

• Free whitepaper Managing email: Exploring common email management challenges (and how to overcome them).

CIO – Analysis | Opinion | Latest UK IT News | UK Tech News | In Depth | Security | Storage | Outsourcing | Database management | Business strategy | Enterprise software | CIO 100 Companies – Top Users of IT in the UK

ComputerworldUK.com – IT management news and opinion | Computing news | IT and Management | ICT and technology | IT career development & HR | Managing IT infrastructure | Business intelligence | IT whitepapers and research

Digital Arts – the future of Digital Design | Design news | Creative technology reviews | Graphic design tutorials | Animation and video projects | 3D, web and video forums | Design industry blogs

Macworld - Apple news and reviews | Mac Pro & MacBook reviews | Mac OS X and software | iPod, iTunes news and reviews | Professional design, music and video | Digital lifestyle - iLife and photography | Mac business applications | Mac educational computing

MacVideo – the ultimate resource for video on the Mac | Video Editing | Camera Technology | DVD Authoring | Video Encoding | Motion Graphics and VFX

Techworld - IT infrastructure & networking news and reviews | VOIP | Data storage | Network Security | Wireless Network | Network Monitoring | Operating systems and servers | Enterprise computing topic pages | Virtualisation

PC World | PC Welt | PC World Australia | PC World Norway | PC World Poland | PC World France