|
|
Family: Windows : Microsoft Bulletins --> Category: infos
Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (Q323172) Vulnerability Scan
Vulnerability Scan Summary
Checks for MS Hotfix Q323172, Certificate Enrollment Flaw
Detailed Explanation for this Vulnerability Test
Synopsis :
It is possible to delete digital certificates on the remote host.
Description :
The remote host contains a version of the Certificate Enrollment
control which is vulnerable to a security flaw which may allow an
attacker to delete certificate.
To exploit this vulnerability a possible hacker must create a rogue web
server with SSL and lure the user to visit this site.
Solution :
Microsoft has released a set of patches for Windows NT, 2000 and XP :
http://www.microsoft.com/technet/security/bulletin/ms02-048.mspx
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:H/Au:NR/C:N/A:P/I:N/B:A)
Click HERE for more information and discussions on this network vulnerability scan.
|
