Digital Certificate Deletion Vulnerability in Microsoft Windows

Reported August 28, 2002, by Microsoft.



·         Windows XP

·         Windows 2000

·         Windows NT 4.0

·         Windows Me

·         Windows 98 Second Edition (Win98SE)

·         Windows 98




A vulnerability exists in all versions of Microsoft Windows that could allow a potential attacker to delete digital certificates located on a vulnerable system. This vulnerability results from a flaw in the Certificate Enrollment Control (CEC) ActiveX control that Windows uses to submit and store PKCS #10-compliant certificate requests in the user’s local certificate store. An attacker who successfully exploits the vulnerability could corrupt trusted root certificates, Encrypting File System (EFS) encryption certificates, email-signing certificates, and any other certificates on the vulnerable system.




The vendor, Microsoft, has released Security Bulletin MS02-048 to address this vulnerability and recommends that affected users immediately download and apply the patch that the bulletin mentions.



Discovered by Microsoft.

TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.