Welcome to the Virus Encyclopedia of Panda Security.
|worm, Trojan or backdoor. It is a group of important vulnerabilities in the Windows CryptoAPI on Windows 7/2008/Vista/2003/XP/2000 computers, which allows spoofing.|
The CryptoAPI provides services that enable application developers to add encryption/decryption of data, authentication using digital certificates, and encoding to and decoding from Abstract Syntax Notation One (ASN.1) to their Windows-based applications.
If exploited successfully, MS09-056 allows an attacking user to impersonate another user and could lead the user to make incorrect trust decisions.
MS09-056 is usually exploited by convincing a Certificate Authority trusted by the client to sign a certificate containing a malformed Object Identifier. Then, the attacking user could set up a rogue website which serves this certificate to a Windows client. This client application would then incorrectly parse the Commnon Name field and offer incorrect trust information to the user.
If you have a Windows 7/2008/Vista/2003/XP/2000 computer, it is recommended to download and apply the security patch for this vulnerability. Click here to access the web page for downloading the patch.