SYMPTOMS
The Internet Engineering Task Force (IETF) profile of the
X.509 certificate standard defines several optional fields that can be included
in a digital certificate. One of these optional fields is the Basic
Constraints field. This field indicates the maximum permitted length
of the certificate's chain and whether the certificate is a certification
authority (CA) or an end-entity certificate. However, the functions in Crypto
API that construct and validate certificate chains (CertGetCertificateChain)
do not check the Basic Constraints field.
This vulnerability might permit an attacker who has a valid
end-entity certificate to issue a fake subordinate certificate that passes
validation. Because Crypto API is used by many programs, this might permit a
variety of identity spoofing attacks. These attacks might include:
- Setting up a Web site that poses as a different Web site,
and "proves" its identity by setting up a Secure Sockets Layer (SSL) session as
the legitimate Web site.
- Sending e-mail messages that are signed by using a digital
certificate that appears to belong to a different user.
- Spoofing certificate-based authentication systems to gain
entry as a highly privileged user.
- Digitally signing malicious software by using an
Authenticode certificate that claims to have been issued to a company that
users might trust.
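The following added example (not Microsoft's code and not part of the original article) contrasts a chain check that only links issuer and subject names with one that also enforces the Basic Constraints CA flag and path length. The cert_t structure, the function names and the sample chains are hypothetical, and signature, validity and revocation checks are left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified certificate model (hypothetical): signature, validity and
   revocation checks are omitted. path_len -1 means no pathLenConstraint. */
typedef struct { const char *subject, *issuer; bool is_ca; int path_len; } cert_t;

/* Name chaining only, i.e. chain building with Basic Constraints ignored. */
bool chain_names_link(const cert_t *c, size_t n) {
    for (size_t i = 0; i + 1 < n; i++)
        if (strcmp(c[i].issuer, c[i + 1].subject) != 0) return false;
    return n > 0;
}

/* c[0] is the leaf, c[n-1] the root. Every issuer must assert cA=TRUE and
   its pathLenConstraint must cover the CA certificates below it. */
bool chain_valid_with_basic_constraints(const cert_t *c, size_t n) {
    if (!chain_names_link(c, n)) return false;
    for (size_t i = 1; i < n; i++) {
        if (!c[i].is_ca) return false;           /* end-entity used as issuer */
        int cas_below = (int)i - 1;              /* CA certs between c[i] and leaf */
        if (c[i].path_len >= 0 && cas_below > c[i].path_len) return false;
    }
    return true;
}

/* Constructed sample chains (all names are placeholders). */
static const cert_t good_chain[] = {
    {"www.example.test", "Example Issuing CA", false, -1},
    {"Example Issuing CA", "Example Root", true, 0},
    {"Example Root", "Example Root", true, -1}};
static const cert_t leaf_as_issuer_chain[] = {
    {"other.example.test", "www.example.test", false, -1},
    {"www.example.test", "Example Issuing CA", false, -1},
    {"Example Issuing CA", "Example Root", true, 0},
    {"Example Root", "Example Root", true, -1}};
static const cert_t too_long_chain[] = {
    {"www.example.test", "Example Sub CA", false, -1},
    {"Example Sub CA", "Example Issuing CA", true, -1},
    {"Example Issuing CA", "Example Root", true, 0},
    {"Example Root", "Example Root", true, -1}};

int main(void) {
    printf("good=%d leaf-as-issuer: names=%d constraints=%d too-long=%d\n",
           chain_valid_with_basic_constraints(good_chain, 3),
           chain_names_link(leaf_as_issuer_chain, 4),
           chain_valid_with_basic_constraints(leaf_as_issuer_chain, 4),
           chain_valid_with_basic_constraints(too_long_chain, 4));
    return 0;
}
```

The model counts every intermediate CA toward the path length and does not implement the self-issued certificate exception that full path validation applies.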
For more information about this vulnerability, visit the
following Microsoft Web site:
RESOLUTION
A supported software update is now available from Microsoft as Windows CE 4.0 Core OS QFE 328464. To resolve this problem immediately, click the following article number for information about obtaining Windows CE Platform Builder and core operating system software updates:
837392 How to locate core operating system fixes for Microsoft Windows CE Platform Builder products
The global version of this
fix has the file attributes (or later) that are listed in the following table.
The dates and times for these files are listed in coordinated universal time
(UTC). When you view the file information, it is converted to local time. To
find the difference between UTC and local time, use the Time Zone tab
in the Date and Time tool in Control Panel.
Date Time Version Size File name
------------------------------------------------------------------------------
10-Oct-2002 21:20 4.0.2.1010 256,608 021010_armv4i_wce40-q328464.exe
10-Oct-2002 21:20 4.0.2.1010 256,608 021010_armv4t_wce40-q328464.exe
10-Oct-2002 21:20 4.0.2.1010 256,608 021010_armv4_wce40-q328464.exe
10-Oct-2002 21:20 4.0.2.1010 256,608 021010_mips16_wce40-q328464.exe
10-Oct-2002 21:20 4.0.2.1010 256,608 021010_mipsii_fp_wce40-q328464.exe
10-Oct-2002 21:20 4.0.2.1010 256,608 021010_mipsii_wce40-q328464.exe
10-Oct-2002 21:20 4.0.2.1010 256,608 021010_mipsiv_fp_wce40-q328464.exe
10-Oct-2002 21:20 4.0.2.1010 256,608 021010_mipsiv_wce40-q328464.exe
10-Oct-2002 21:20 4.0.2.1010 256,608 021010_sh3_wce40-q328464.exe
10-Oct-2002 21:20 4.0.2.1010 256,608 021010_sh4_wce40-q328464.exe
10-Oct-2002 21:20 4.0.2.1010 256,608 021010_x86_wce40-q328464.exe
The global version of this package should have the following file
attributes or later:
Date Time Version Size File name
--------------------------------------------------------------
Path: Public\Common\Oak\Lib\Armv4\Debug
02-Oct-2002 22:50 20,238 Crypt32.lib
02-Oct-2002 22:50 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Armv4\Retail
02-Oct-2002 22:40 19,816 Crypt32.lib
02-Oct-2002 22:40 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Armv4i\Debug
02-Oct-2002 23:32 20,248 Crypt32.lib
02-Oct-2002 23:32 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Armv4i\Retail
02-Oct-2002 23:21 19,832 Crypt32.lib
02-Oct-2002 23:21 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Armv4t\Debug
02-Oct-2002 23:11 20,042 Crypt32.lib
02-Oct-2002 23:11 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Armv4t\Retail
02-Oct-2002 23:01 20,038 Crypt32.lib
02-Oct-2002 23:01 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Mips16\Debug
03-Oct-2002 00:34 19,600 Crypt32.lib
03-Oct-2002 00:34 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Mips16\Retail
03-Oct-2002 00:23 19,288 Crypt32.lib
03-Oct-2002 00:23 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Mipsii\Debug
02-Oct-2002 23:52 20,230 Crypt32.lib
02-Oct-2002 23:52 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Mipsii\Retail
02-Oct-2002 23:42 19,754 Crypt32.lib
02-Oct-2002 23:42 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\MipsII_fp\Debug
03-Oct-2002 00:54 20,244 Crypt32.lib
03-Oct-2002 00:54 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\MipsII_fp\Retail
03-Oct-2002 00:44 19,762 Crypt32.lib
03-Oct-2002 00:44 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Mipsiv\Debug
03-Oct-2002 00:13 20,270 Crypt32.lib
03-Oct-2002 00:13 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Mipsiv\Retail
03-Oct-2002 00:03 19,772 Crypt32.lib
03-Oct-2002 00:03 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Mipsiv_fp\Debug
03-Oct-2002 01:16 20,284 Crypt32.lib
03-Oct-2002 01:16 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Mipsiv_fp\Retail
03-Oct-2002 01:05 19,780 Crypt32.lib
03-Oct-2002 01:05 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Sh3\Debug
02-Oct-2002 22:07 19,412 Crypt32.lib
02-Oct-2002 22:07 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Sh3\Retail
02-Oct-2002 21:56 19,360 Crypt32.lib
02-Oct-2002 21:56 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Sh4\Debug
02-Oct-2002 22:28 19,412 Crypt32.lib
02-Oct-2002 22:28 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\Sh4\Retail
02-Oct-2002 22:17 19,360 Crypt32.lib
02-Oct-2002 22:17 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\X86\Debug
02-Oct-2002 21:46 19,116 Crypt32.lib
02-Oct-2002 21:46 77,824 Crypt32.pdb
Path: Public\Common\Oak\Lib\X86\Retail
02-Oct-2002 21:37 19,120 Crypt32.lib
02-Oct-2002 21:37 77,824 Crypt32.pdb