MS02-050: Certificate validation flaw might permit identity spoofing

Article translations Article translations
Article ID: 329115 - View products that this article applies to.
This article was previously published under Q329115
This article replaces Microsoft Knowledge Base article 328145.

Technical updates

  • November 11, 2003: This article was updated to provide information about a new security update for customers who installed Microsoft Windows 2000 Service Pack 4 (SP4) and then installed Microsoft Internet Explorer 6 Service Pack 1 (SP1).
Expand all | Collapse all

On This Page

Symptoms

The original version of Microsoft Security Bulletin MS02-050 was released on September 5, 2002. On September 9, 2002, the bulletin was updated to advise customers that a Microsoft-issued digital certificate that was used to sign device drivers did not meet the stricter validation standards that were established by the patch. Therefore, customers who installed the patch might receive unexpected error messages when they installed new hardware, or in some cases, might not be able to install new hardware. An updated patch was released on November 20, 2002. This new patch not only prevents this problem, but also prevents a newly discovered variant of the original vulnerability.

The IETF profile of the X.509 certificate standard defines several optional fields that can be included in a digital certificate. One of these is the Basic Constraints field, which indicates the maximum permitted length of the certificate's chain and whether the certificate is a certification authority or an end-entity certificate. However, the functions in CryptoAPI that construct and validate certificate chains (the CertGetCertificateChain, CertVerifyCertificateChainPolicy, and WinVerifyTrust functions) do not check the Basic Constraints field. The same flaw, unrelated to CryptoAPI, is also present in several Microsoft products for Macintosh.

The vulnerability that was identified in the original version of the bulletin might permit an attacker who has a valid end-entity certificate to issue a subordinate certificate that, although not actually valid, passes validation. Because CryptoAPI is used by many programs, this might permit a variety of identity spoofing attacks. These might include:
  • Setting up a Web site that poses as a different Web site, and "proving" its identity by establishing an SSL session as the legitimate Web site.
  • Sending e-mail messages that are signed by using a digital certificate that purportedly belongs to a different user.
  • Spoofing certificate-based authentication systems to gain entry as a highly privileged user.
  • Digitally signing malicious software by using an Authenticode certificate that claims to have been issued to a company that users might trust.
The newly discovered vulnerability that was announced on November 20, 2002, is closely related to the vulnerability that is discussed in the original version of the bulletin. Like that vulnerability, the new vulnerability involves a flaw in the way in which certificate validation is performed. However, this vulnerability might permit an attacker to gain control over a user's computer. Because a fix for this vulnerability was not included in the original version of the patch, Microsoft strongly recommends that customers install the new patch, even if they installed the original version of the patch.

Only Microsoft Windows 98, Microsoft Windows 98 Second Edition, Microsoft Windows NT 4.0, and Microsoft Windows NT 4.0, Terminal Server Edition, are affected by this variant of the vulnerability.

Resolution

Windows XP

Service pack information

To resolve this problem, obtain the latest service pack for Microsoft Windows XP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
322389 How to obtain the latest Windows XP service pack

Update download information

The following file is available for download from the Microsoft Download Center:

All languages:
Collapse this imageExpand this image
Download
Download the Q329115 package now
Release Date: November 20, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
Installation information
You must restart your computer after you apply this update. This update supports the following Setup program switches:
  • /?: Display the list of installation switches.
  • /u: Unattended mode.
  • /f: Force other programs to quit when the computer shuts down.
  • /n: Do not back up files for removal.
  • /o: Overwrite OEM files without prompting.
  • /z: Do not restart when installation is complete.
  • /q: Quiet mode (no user interaction).
  • /l: List installed hotfixes.
  • /x Extracts the files without running Setup.
For example, to install the update without any user intervention, and then not to force the computer to restart, use the following command line:
q329115_wxp_sp2_x86_enu /u /q /z
Warning Your computer is vulnerable until you restart it.
File information
The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The following files are copied to the %WINDIR%\System32 folder:

Windows XP Home Edition and Professional
   Date         Time   Version          Size     File name
   ---------------------------------------------------------
   23-Sep-2002  20:10  5.131.2600.1123  544,256  Crypt32.dll
Windows XP 64-Bit Edition
   Date         Time   Version          Size       File name
   -----------------------------------------------------------
   23-Sep-2002  20:10  5.131.2600.1123  1,920,512  Crypt32.dll
   22-Sep-2002  02:26  5.131.2600.1123    544,256  Wcrypt32.dll

Windows 2000

Service pack information

To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
Important A regression may occur when you are installing Internet Explorer 6 Service Pack 1 (SP1) on computers that are running Windows 2000 Service Pack (SP4). This regression removes the update that is discussed in this bulletin and that is provided as part of Windows 2000 SP4. Apply the updated Windows 2000 SP4 security update that is mentioned later in this article to help protect your computer from this vulnerability.

Update download information

Windows 2000 SP4
The following file is available for download from the Microsoft Download Center:
All languages:
Collapse this imageExpand this image
Download
Download the Q329115 package now
Release Date: November 11, 2003

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.
Windows 2000 SP2 and SP3
The following file is available for download from the Microsoft Download Center:
All languages:
Collapse this imageExpand this image
Download
Download the Q329115 package now
Release Date: November 20, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Note If you apply this fix on a RIS member server, you must also apply the fix on all domain controllers in your domain. If you do not, RIS clients cannot authenticate by using the user principal name (UPN) format. If you use the UPN format, you receive the following error message:
Logon error
The system cannot validate your user name, password, or domain name. Verify that your user name and domain name are correct, and then retype your password. Passwords must be typed using the correct case. Be sure the CAPS LOCK key is not pressed.

Installation Information

You must restart your computer after you apply this update. This update supports the following Setup switches:
  • /?: Display the list of installation switches.
  • /u: Unattended mode.
  • /f: Force other programs to quit when the computer shuts down.
  • /n: Do not back up files for removal.
  • /o: Overwrite OEM files without prompting.
  • /z: Do not restart when installation is complete.
  • /q: Quiet mode (no user interaction).
  • /l: List installed hotfixes.
  • /x: Extracts the files without running Setup.
For example, to install the update without any user intervention, and then not to force the computer to restart, use the following command line:
Windows 2000 SP4
windows2000-kb329115-x86-enu /u /q /z
Windows 2000 SP2 and SP3
q329115_w2k_sp4_x86_en /u /q /z
Warning Your computer is vulnerable until you restart it.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The following files are copied to the %WINDIR%\System32 folder:
Windows 2000 SP4
   Date         Time   Version        Size    File name
   -------------------------------------------------------
   14-Jul-2003  20:18  5.0.1558.6608  90,384  Cryptdlg.dll
Windows 2000 SP2 and SP3
   Date        Time  Version           Size    File name
   --------------------------------------------------------
   26-Aug-2002 12:45 5.0.2195.5781     123,664 Adsldp.dll 
   26-Aug-2002 12:45 5.0.2195.5781     131,344 Adsldpc.dll
   26-Aug-2002 12:45 5.0.2195.5781      62,736 Adsmsext.dll 
   26-Aug-2002 12:45 5.0.2195.5992     358,160 Advapi32.dll 
   26-Aug-2002 12:45 5.0.2195.5265      42,256 Basesrv.dll 
   26-Aug-2002 12:45 5.0.2195.5855      49,424 Browser.dll 
   25-Sep-2002 16:36 5.131.2195.6072   469,776 Crypt32.dll 
   25-Sep-2002 16:36 5.0.1558.6072      90,384 Cryptdlg.dll 
   26-Aug-2002 12:45 5.0.2195.6012     135,952 Dnsapi.dll 
   07-Nov-2002 19:08 5.0.2195.6076      96,016 Dnsrslvr.dll 
   26-Aug-2002 12:45 5.0.2195.5722      45,328 Eventlog.dll 
   26-Aug-2002 12:45 5.0.2195.5907     222,992 Gdi32.dll 
   26-Aug-2002 12:45 5.0.2195.5859     145,680 Kdcsvc.dll 
   04-Jun-2002 17:31 5.0.2195.5859     199,952 Kerberos.dll 
   26-Aug-2002 12:45 5.0.2195.6011     708,880 Kernel32.dll 
   21-Aug-2002 12:27 5.0.2195.6023      71,248 Ksecdd.sys 
   22-Jul-2002 19:54 5.0.2195.5960     507,152 Lsasrv.dll 
   22-Jul-2002 19:54 5.0.2195.5960      33,552 Lsass.exe 
   26-Aug-2002 12:45 5.0.2195.4733     332,560 Msgina.dll 
   12-Aug-2002 20:54 5.0.2195.6006     108,816 Msv1_0.dll 
   26-Aug-2002 12:45 5.0.2195.5979     307,472 Netapi32.dll 
   26-Aug-2002 12:45 5.0.2195.5966     360,720 Netlogon.dll 
   06-Sep-2002 14:40 5.0.2195.6044     917,264 Ntdsa.dll 
   26-Aug-2002 12:45 5.0.2195.5936     119,568 Psbase.dll 
   26-Aug-2002 12:45 5.0.2195.6025     389,392 Samsrv.dll 
   26-Aug-2002 12:45 5.0.2195.5951     129,296 Scecli.dll 
   26-Aug-2002 12:45 5.0.2195.5951     302,864 Scesrv.dll 
   23-Oct-2002 14:05 5.0.2195.6100     138,752 Sp3res.dll 
   13-Jun-2001 01:05 5.0.2195.3727       3,856 Svcpack1.dll 
   26-Aug-2002 12:45 5.0.2195.6000     379,664 User32.dll 
   26-Aug-2002 12:45 5.0.2195.5968     369,936 Userenv.dll 
   26-Aug-2002 12:45 5.0.2195.5859      48,912 W32time.dll 
   04-Jun-2002 17:32 5.0.2195.5859      57,104 W32tm.exe 
   24-Aug-2002 14:50 5.0.2195.6028   1,642,416 Win32k.sys 
   15-Aug-2002 11:30 5.0.2195.6013     179,472 Winlogon.exe 
   26-Aug-2002 12:45 5.0.2195.5935     243,472 Winsrv.dll 
   26-Aug-2002 12:45 5.0.2195.5944     125,712 Wldap32.dll 
   22-Jul-2002 19:54 5.0.2195.5960     507,664 Lsasrv.dll 56-bit 
   07-Nov-2002 19:08 5.0.2195.6011     708,880 Kernel32.dll UniProc 
   07-Nov-2002 19:08 5.0.2195.6028   1,642,416 Win32k.sys UniProc 
   26-Aug-2002 12:45 5.0.2195.5935     243,472 Winsrv.dll UniProc
NOTE: Because of file dependencies, this update may contain additional files. This update requires Windows 2000 Service Pack 2 (SP2) or Service Pack 3 (SP3). For additional information about how to obtain the latest service pack, click the article number below to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack

Windows NT 4.0

Download information

The following files, for the given language, are available for download from the Microsoft Download Center:

Windows NT Server 4.0

Collapse this imageExpand this image
Download
English Language Version

Collapse this imageExpand this image
Download
Arabic Language Version

Collapse this imageExpand this image
Download
Chinese (Simplified) Language Version

Collapse this imageExpand this image
Download
Chinese (Traditional) Language Version

Collapse this imageExpand this image
Download
Chinese (Hong Kong) Language Version

Collapse this imageExpand this image
Download
Czech Language Version

Collapse this imageExpand this image
Download
Danish Language Version

Collapse this imageExpand this image
Download
Dutch Language Version

Collapse this imageExpand this image
Download
Finnish Language Version

Collapse this imageExpand this image
Download
French Language Version

Collapse this imageExpand this image
Download
German Language Version

Collapse this imageExpand this image
Download
Hebrew Language Version

Collapse this imageExpand this image
Download
Hungarian Language Version

Collapse this imageExpand this image
Download
Italian Language Version

Collapse this imageExpand this image
Download
Japanese Language Version

Collapse this imageExpand this image
Download
Japanese NEC Language Version

Collapse this imageExpand this image
Download
Korean Language Version

Collapse this imageExpand this image
Download
Norwegian Language Version

Collapse this imageExpand this image
Download
Portuguese (Brazilian) Language Version

Collapse this imageExpand this image
Download
Russian Language Version

Collapse this imageExpand this image
Download
Spanish Language Version

Collapse this imageExpand this image
Download
Swedish Language Version

Collapse this imageExpand this image
Download
Thai Language Version

Windows NT Server 4.0, Terminal Server Edition

Collapse this imageExpand this image
Download
English Language Version

Collapse this imageExpand this image
Download
French Language Version

Collapse this imageExpand this image
Download
German Language Version

Collapse this imageExpand this image
Download
Japanese Language Version

Collapse this imageExpand this image
Download
Spanish Language Version

Release Date: November 20, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

Installation information

You must restart your computer after you apply this update. This update supports the following Setup switches:
  • /y: Perform removal (only with /m or /q).
  • /f: Force programs to be closed at shutdown.
  • /n: Do not create an Uninstall folder.
  • /z: Do not restart when the updates is completed.
  • /q: Quiet or Unattended mode with no user interface (this switch is a superset of /m).
  • /m: Unattended mode with user interface.
  • /l: List installed hotfixes.
  • /x: Extracts the files without running Setup.
For example, to install the update without any user intervention, and then to not force the computer to restart, use the following command line:
q329115i /q /z
Warning Your computer is vulnerable until you restart it.

File information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

The following files are copied to the %WINDIR%\System32 folder:

Windows NT 4.0
   Date         Time   Version         Size     File name
   ------------------------------------------------------------------
   12-Sep-2002  21:10  5.131.1878.12   372,496  Crypt32.dll
   25-Sep-2002  18:36  5.0.1558.6072    90,384  Cryptdlg.dll
   26-Sep-2002  18:38  4.86.1964.1878  143,632  Schannel.dll
   26-Sep-2002  18:38  4.87.1964.1878  112,912  Schannel.dll  128-bit
Windows NT Server 4.0, Terminal Server Edition
   Date         Time   Version         Size     File name
   ------------------------------------------------------------------
   12-Sep-2002  21:10  5.131.1878.12   372,496  Crypt32.dll
   25-Sep-2002  18:36  5.0.1558.6072    90,384  Cryptdlg.dll
   26-Sep-2002  18:38  4.86.1964.1878  143,632  Schannel.dll
   26-Sep-2002  18:38  4.87.1964.1878  112,912  Schannel.dll  128-bit
Note Because of file dependencies, this update requires Windows NT 4.0 Service Pack 6a (SP6a) or Windows NT Server 4.0, Terminal Server Edition Service Pack 6 (SP6). For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
152734 How to Obtain the Latest Windows NT 4.0 Service Pack

Windows Me, Windows 98 Second Edition, and Windows 98

Download information

The following files are available for download from the Microsoft Download Center:

Windows Millennium Edition (Me)
All languages:
Collapse this imageExpand this image
Download
Download the 329115 package now
Windows 98 and Windows 98 Second Edition
All languages:
Collapse this imageExpand this image
Download
Download the 329115 package now
Release Date: November 20, 2002

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

File information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows Millennium Edition
   Date         Time   Version        Size     File name
   --------------------------------------------------------
   12-Sep-2002  20:51  5.131.2133.6   468,752  Crypt32.dll
   25-Sep-2002  17:36  5.0.1558.6072   90,384  Cryptdlg.dll
Windows 98 and Windows 98 Second Edition
   Date         Time   Version         Size     File name
   ---------------------------------------------------------
   12-Sep-2002  20:10  5.131.1878.12   372,496  Crypt32.dll
   25-Sep-2002  17:36  5.0.1558.6072    90,384  Cryptdlg.dll
   26-Sep-2002  17:38  4.87.1964.1878  112,912  Schannel.dll

Office v. X, Office 2001, Office 98 for Mac; Outlook Express for Mac; Internet Explorer for Mac

For information about obtaining updates for these products, visit the following Microsoft Web site:
http://www.microsoft.com/mac/downloads

Status

Microsoft has confirmed that this problem may cause a degree of security vulnerability in the Microsoft products that are listed in the "Applies to" section.

Windows XP

This problem was first corrected in Microsoft Windows XP Service Pack 2.

Windows 2000

This problem was first corrected in Microsoft Windows 2000 Service Pack 4.

More information

For more information about this vulnerability, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/MS02-050.mspx
For additional information about correcting the problem that occurs if the correct file is not installed when you use QChain.exe, click the following article number to view the article in the Microsoft Knowledge Base:
815062 The correct file is not installed when you chain multiple hotfixes

Properties

Article ID: 329115 - Last Review: June 4, 2013 - Revision: 26.0
Applies to
  • Microsoft Windows XP Professional x64 Edition
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Server 4.0 Enterprise Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Office 2001 for Mac
  • Microsoft Office 98 for Macintosh
  • Microsoft Office X for Mac Standard Edition
  • Microsoft Internet Explorer 4.01 for Macintosh
  • Microsoft Internet Explorer 4.5 for Macintosh
  • Microsoft Internet Explorer 5.0 for Macintosh
  • Microsoft Outlook Express 5.0 Macintosh Edition
Keywords: 
kbhotfixserver kbqfe atdownload kbwinxpsp2fix kbenv kbwin2ksp4fix kbsecvulnerability kbsecbulletin kbbug kbfix kbsecurity kbwinxppresp2fix KB329115

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com