Microsoft Windows Unauthorized Digital Certificates Spoofing Vulnerability (2718704) Network Vulnerability

Summary

The host is installed with Microsoft Windows operating system and is prone to digital certificates spoofing vulnerability.

Impact

Successful exploitation will allow remote attackers to spoof content, perform phishing attacks or perform man-in-the-middle attacks. Impact Level: System

Solution

Apply the Patch from below link, http://technet.microsoft.com/en-us/security/advisory/2718704

Insight

The flaw is due to unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks.

Affected

Windows 7 Service Pack 1 and prior Windows XP Service Pack 3 and prior Windows Vista Service Pack 2 and prior Windows Server 2003 Service Pack 2 and prior Windows Server 2008 Service Pack 2 and prior

References

http://securitytracker.com/id/1027114
http://support.microsoft.com/kb/2718704
http://technet.microsoft.com/en-us/security/advisory/2718704
http://www.theregister.co.uk/2012/06/04/microsoft_douses_flame/print.html

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Quicktime player/plug-in Heap overflow
Mozilla/Firefox default installation file permission flaw
Opera web browser address bar spoofing weakness
PuTTY SSH2 authentication password persistence weakness
Microsoft Internet Explorer XSS Vulnerability - July09

Take action and discover your vulnerabilities