
Vulnerability with SSL and Windows



Microsoft warns of new critical flaw in Windows


Microsoft has admitted there is another 'critical' flaw in Windows which could allow a hacker to take control of a vulnerable machine.

The flaw is the result of an unchecked buffer in the ASN.1 Library in many versions of Windows. A programmer who managed to generate a buffer overflow by exploiting the vulnerability can obtain full privileges on the machine and can change or delete data or run malicious code on the target system. ASN.1 (Abstract Syntax Notation 1) is an industry standard method of normalisation of data across various platforms.


The flaw was identified by eEye Securities in July last year although Microsoft has only now got round to admitting the problem and issuing a fix. eEye says that because the ASN.1 library is widely used by Windows security subsystems, the vulnerability can be accessed through various routes such as Kerberos, NTLMv2 authentication, and applications that make use of certificates such as SSL, digitally-signed e-mail and signed ActiveX controls.


Amongst the vulnerable versions of Windows affected are Windows NT Workstation 4.0 Service Pack 6a, Windows NT Server 4.0 Service Pack 6a, Windows NT Server 4.0 Terminal Server Edition Service Pack 6, Windows 2000 Service Packs 2, 3, and 4, Windows XP, Windows XP Service Pack , Windows XP 64-Bit Edition, Windows XP 64-Bit Edition Service Pack 1, Windows XP 64-Bit Edition Version 2003, Windows XP 64-Bit Edition Version 2003 Service Pack 1 and Windows Server 2003, Windows Server 2003 64-Bit Edition. Microsoft has issued patches for all these systems, which can be found here.


This latest alert follows the announcement of several 'critical' flaws found in Internet Explorer last week. Microsoft has recently announced that security is its 'top priority'.


Steve Malone

Could this vulnerability and the recent patches be what is affecting some people's sites' SSL, as discussed in several topics in the forum lately?

No longer giving free advice. Please place deposit in meter slot provided.  Individual: [=] SME: [==] Corporation: [===]
If deposit does not fit one of the slots provided then you are asking too much! :P

Is your Osc dated try Phoenix  raising oscommerce from the ashes.
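
An added illustration, not part of the quoted article or this post and not Microsoft's code: the article describes the flaw only as an unchecked buffer in the ASN.1 library, so the C example below shows in general terms the length checks a BER/DER parser has to make before it copies a value. The function names, error codes and the single-byte-tag restriction are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical result codes for this example. */
enum { TLV_OK = 0, TLV_TRUNCATED = -1, TLV_MALFORMED = -2, TLV_TOO_BIG = -3 };

/* Read one BER/DER tag-length-value element from buf[0..len).
 * On success *val/*vlen describe the value bytes inside buf and
 * *used is the size of the whole element. Single-byte tags only. */
int tlv_read(const uint8_t *buf, size_t len, uint8_t *tag,
             const uint8_t **val, size_t *vlen, size_t *used)
{
    size_t pos, n, count;
    if (len < 2) return TLV_TRUNCATED;
    if ((buf[0] & 0x1f) == 0x1f) return TLV_MALFORMED;  /* multi-byte tag */
    n = buf[1]; pos = 2;
    if (n & 0x80) {                 /* long form: low 7 bits count length octets */
        count = n & 0x7f;
        if (count == 0 || count > sizeof(size_t)) return TLV_MALFORMED;
        if (count > len - pos) return TLV_TRUNCATED;
        n = 0;
        while (count--) n = (n << 8) | buf[pos++];
    }
    /* The declared length comes from the sender: compare it with the bytes
     * that remain, written so that the subtraction cannot wrap around. */
    if (n > len - pos) return TLV_TRUNCATED;
    *tag = buf[0]; *val = buf + pos; *vlen = n; *used = pos + n;
    return TLV_OK;
}

/* Copy an OCTET STRING (tag 0x04) into a fixed-size buffer. */
int copy_octet_string(const uint8_t *buf, size_t len,
                      uint8_t *out, size_t outcap, size_t *outlen)
{
    uint8_t tag; const uint8_t *val; size_t vlen, used;
    int rc = tlv_read(buf, len, &tag, &val, &vlen, &used);
    if (rc != TLV_OK) return rc;
    if (tag != 0x04) return TLV_MALFORMED;
    if (vlen > outcap) return TLV_TOO_BIG;  /* destination size check before the copy */
    memcpy(out, val, vlen);
    *outlen = vlen;
    return TLV_OK;
}
```
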



This topic is now archived and is closed to further replies.
