September 8, 2002	Sunday	Jamadi-us-Saani29,1423

SAN FRANCISCO, Sept 7: Microsoft Friday continued issuing patches for a “critical” flaw found in a basic software security safeguard affecting most of its popular titles, including most versions of Windows.

According to the software giant, the flaw allows hackers to forge so-called digital certificates.

These certificates are the basis for identifying a Web site’s identify, the origin of emails and, most importantly, safeguards online credit card information.

This vulnerability could enable an attacker to craft a digital certificate that, although bogus, would nevertheless be accepted as bona fide, Microsoft said in a security bulletin that’s been updated all week.

Microsoft said a range of titles have been affected by the flaw, including most versions of Windows including Windows 98 and versions issued thereafter, and Microsoft browser and email software for the Macintosh computer made by Apple.

Digital certificates are used for a variety of security-related purposes - for instance, users use them to confirm that web sites’ identities; to verify who the sender of an email was; whether it’s safe to run particular programs, and other purposes - and the ability to forge a seemingly valid certificate could allow a variety of attacks, Microsoft further stated in its security bulletin.

In essence, the company stated, the flaw would allow a hacker to masquerade as a trusted web site, gathering such sensitive data as credit card information from an unsuspecting user.

The flaw isn’t the first security certificate warning issued by Microsoft. The company last month warned that a flaw existed the could let a hacker scramble the certificates, rendering them unusable.

In the past, Microsoft products have been the subject of hacker attacks.

The company’s popular Outlook email programs have been particularly hard-hit, allowing hackers to send viruses into a users email box for later activation.—AFP