SYMPTOMS
The Internet Engineering Task Force (IETF) profile of the X.509 certificate
standard defines several optional fields that can be included in a digital
certificate. One of these optional fields is the Basic Constraints field. This
field indicates the maximum permitted length of the certificate's chain and
whether the certificate is a certification authority (CA) or an end-entity
certificate. However, the functions in Crypto API that construct and validate
certificate chains (CertGetCertificateChain) do not check the Basic Constraints
field.
This vulnerability might permit an attacker who has a valid
end-entity certificate to issue a fake subordinate certificate that passes
validation. Because Crypto API is used by many programs, this might permit a
variety of identity spoofing attacks. These attacks might include:
- Setting up a Web site that poses as a different Web site,
and "proves" its identity by setting up a Secure Sockets Layer (SSL) session as
the legitimate Web site.
- Sending e-mail messages that are signed by using a digital
certificate that appears to belong to a different user.
- Spoofing certificate-based authentication systems to gain
entry as a highly privileged user.
- Digitally signing malicious software by using an
Authenticode certificate that claims to have been issued to a company that
users might trust.
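The Basic Constraints check described above, as an added example (not Microsoft's code and not part of the original article). The cert_t model, the result codes and the sample chains are hypothetical and constructed; the chain is assumed to be already linked by name and signature, and the root is treated like any other issuer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
/* Hypothetical, simplified certificate model (not a Crypto API type). */
typedef struct {
    const char *subject, *issuer;
    bool is_ca;     /* basicConstraints cA flag; false if the extension is absent */
    int  path_len;  /* pathLenConstraint, or -1 when not present */
} cert_t;

enum { CHAIN_OK, CHAIN_ISSUER_NOT_CA, CHAIN_PATHLEN_EXCEEDED };
/* chain[0] is the end-entity certificate; chain[n-1] is the trusted root. */
int check_basic_constraints(const cert_t *chain, size_t n)
{
    for (size_t i = 1; i < n; i++) {
        if (!chain[i].is_ca)          /* every issuer must be marked as a CA */
            return CHAIN_ISSUER_NOT_CA;
        /* i - 1 CA certificates sit between this issuer and the end entity. */
        if (chain[i].path_len >= 0 && (size_t)chain[i].path_len < i - 1)
            return CHAIN_PATHLEN_EXCEEDED;
    }
    return CHAIN_OK;
}

/* Constructed sample chains; every name is made up. */
const cert_t good_chain[] = {
    {"www.shop.example", "Example Issuing CA", false, -1},
    {"Example Issuing CA", "Example Root", true, 0},
    {"Example Root", "Example Root", true, -1},
};
const cert_t spoofed_chain[] = {      /* end-entity certificate used as an issuer */
    {"www.bank.example", "www.shop.example", false, -1},
    {"www.shop.example", "Example Issuing CA", false, -1},
    {"Example Issuing CA", "Example Root", true, 0},
    {"Example Root", "Example Root", true, -1},
};
const cert_t too_deep_chain[] = {     /* extra CA below an issuer with pathLen 0 */
    {"www.shop.example", "Example Sub CA", false, -1},
    {"Example Sub CA", "Example Issuing CA", true, -1},
    {"Example Issuing CA", "Example Root", true, 0},
    {"Example Root", "Example Root", true, -1},
};

int main(void)
{
    printf("%d %d %d\n", check_basic_constraints(good_chain, 3),
           check_basic_constraints(spoofed_chain, 4), check_basic_constraints(too_deep_chain, 4));
    return 0;
}
```

A validator that skips this loop accepts all three chains, which is the behavior the article attributes to the unpatched chain-building functions.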
For more information about this vulnerability, visit the
following Microsoft Web site:
RESOLUTION
A supported software update is now available from Microsoft as Windows CE 3.0 Core OS QFE 328463. To resolve this problem immediately, click the following article number for information about obtaining Windows CE Platform Builder and core operating system software updates:
837392 How to locate core operating system fixes for Microsoft Windows CE Platform Builder products
The global version of this fix has the file attributes (or later) that are
listed in the following table. The dates and times for these files are listed
in coordinated universal time (UTC). When you view the file information, it is
converted to local time. To find the difference between UTC and local time, use
the Time Zone tab in the Date and Time tool in Control Panel.
Date Time Version Size File name
----------------------------------------------------------------------------
18-Dec-2002 02:07 3.0.2.1217 256,600 021217_arm720_wce30-q328463.exe
18-Dec-2002 02:07 3.0.2.1217 256,600 021217_ppc403_wce30-q328463.exe
18-Dec-2002 02:07 3.0.2.1217 256,600 021217_ppc821_wce30-q328463.exe
18-Dec-2002 02:07 3.0.2.1217 256,600 021217_r3000_wce30-q328463.exe
18-Dec-2002 02:07 3.0.2.1217 256,600 021217_r4100_wce30-q328463.exe
18-Dec-2002 02:07 3.0.2.1217 256,600 021217_r4111_wce30-q328463.exe
18-Dec-2002 02:07 3.0.2.1217 256,600 021217_r4300_wce30-q328463.exe
18-Dec-2002 02:07 3.0.2.1217 256,600 021217_sa1100_wce30-q328463.exe
18-Dec-2002 02:07 3.0.2.1217 256,600 021217_sh3_wce30-q328463.exe
18-Dec-2002 02:07 3.0.2.1217 256,600 021217_sh4_wce30-q328463.exe
18-Dec-2002 02:08 3.0.2.1217 256,600 021217_thumb_wce30-q328463.exe
18-Dec-2002 02:08 3.0.2.1217 256,600 021217_x86_wce30-q328463.exe
The global version of this package should have the following file
attributes or later:
Date Time Version Size File name
------------------------------------------------------------
Path: Public\Commaddon\Oak\Lib\Arm\ARM720\Ce\Debug
14-Oct-2002 18:06 18,708 Crypt32.lib
14-Oct-2002 18:06 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Arm\ARM720\Ce\Retail
14-Oct-2002 18:05 18,616 Crypt32.lib
14-Oct-2002 18:05 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Arm\SA1100\Ce\Debug
14-Oct-2002 17:38 18,700 Crypt32.lib
14-Oct-2002 17:38 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Arm\SA1100\Ce\Retail
14-Oct-2002 17:36 18,612 Crypt32.lib
14-Oct-2002 17:36 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Mips\R3000\Ce\Debug
14-Oct-2002 17:48 19,808 Crypt32.lib
14-Oct-2002 17:48 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Mips\R3000\Ce\Retail
14-Oct-2002 17:46 19,706 Crypt32.lib
14-Oct-2002 17:46 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Mips\R4100\Ce\Debug
14-Oct-2002 17:51 19,808 Crypt32.lib
14-Oct-2002 17:51 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Mips\R4100\Ce\Retail
14-Oct-2002 17:50 19,698 Crypt32.lib
14-Oct-2002 17:50 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Mips\R4111\Ce\Debug
14-Oct-2002 17:54 18,346 Crypt32.lib
14-Oct-2002 17:54 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Mips\R4111\Ce\Retail
14-Oct-2002 17:53 18,268 Crypt32.lib
14-Oct-2002 17:53 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Mips\R4300\Ce\Debug
14-Oct-2002 17:57 19,808 Crypt32.lib
14-Oct-2002 17:57 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Mips\R4300\Ce\Retail
14-Oct-2002 17:56 19,698 Crypt32.lib
14-Oct-2002 17:56 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Ppc\PPC403\Ce\Debug
14-Oct-2002 18:00 18,990 Crypt32.lib
14-Oct-2002 18:00 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Ppc\PPC403\Ce\Retail
14-Oct-2002 17:59 18,976 Crypt32.lib
14-Oct-2002 17:59 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Ppc\PPC821\Ce\Debug
14-Oct-2002 18:03 18,990 Crypt32.lib
14-Oct-2002 18:03 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Ppc\PPC821\Ce\Retail
14-Oct-2002 18:02 18,976 Crypt32.lib
14-Oct-2002 18:02 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Shx\SH3\Ce\Debug
14-Oct-2002 17:41 18,954 Crypt32.lib
14-Oct-2002 17:41 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Shx\SH3\Ce\Retail
14-Oct-2002 17:40 18,994 Crypt32.lib
14-Oct-2002 17:40 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Shx\SH4\Ce\Debug
14-Oct-2002 17:45 18,954 Crypt32.lib
14-Oct-2002 17:45 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Shx\SH4\Ce\Retail
14-Oct-2002 17:43 18,994 Crypt32.lib
14-Oct-2002 17:43 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Thumb\ARM720\Ce\Debug
14-Oct-2002 18:09 18,908 Crypt32.lib
14-Oct-2002 18:09 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\Thumb\ARM720\Ce\Retail
14-Oct-2002 18:07 18,748 Crypt32.lib
14-Oct-2002 18:07 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\X86\I486\CE\Debug
14-Oct-2002 17:35 18,190 Crypt32.lib
14-Oct-2002 17:35 77,824 Crypt32.pdb
Path: Public\Commaddon\Oak\Lib\X86\I486\CE\Retail
14-Oct-2002 17:34 18,214 Crypt32.lib
14-Oct-2002 17:34 77,824 Crypt32.pdb