
Improperly Issued Digital Certificates Could Allow Spoofing

TZCERT – 2014-06: Attack Alert

Date of First Release: 14-07-2014

Date of Last Release: 14-07-2014

Source: Microsoft

Systems Affected:

Windows Server 2003 Service Pack 2

Windows Server 2003 x64 Edition Service Pack 2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista Service Pack 2

Windows Vista x64 Edition Service Pack 2

Windows Server 2008 for 32-bit Systems Service Pack 2

Windows Server 2008 for x64-based Systems Service Pack 2

Windows Server 2008 for Itanium-based Systems Service Pack 2

Windows 7 for 32-bit Systems Service Pack 1

Windows 7 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for x64-based Systems Service Pack 1

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

Windows 8 for 32-bit Systems

Windows 8 for x64-based Systems

Windows 8.1 for 32-bit Systems

Windows 8.1 for x64-based Systems

Windows RT

Windows RT 8.1

Windows Server 2012

Windows Server 2012 R2

Server Core installation option

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)

Windows Server 2008 R2 for x64-based Systems (Server Core installation)

Windows Server 2012 (Server Core installation)

Windows Server 2012 R2 (Server Core installation)

Affected Devices:

Windows Phone 8 and Windows Phone 8.1

Overview

Improperly issued SSL certificates could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against web resources.

Description

SSL certificates were issued in error by the National Informatics Centre (NIC), which operates a subordinate Certification Authority (CA).

Impact

The certificates concerned could be used in attempts to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against web resources.

Solution:

Microsoft is updating the Certificate Trust List (CTL) for all supported releases of Microsoft Windows to remove the trust of the certificates that are causing this issue. Users and administrators are encouraged to apply the appropriate updates as described in Microsoft Security Advisory 2982792.

References

Microsoft: https://technet.microsoft.com/en-us/library/security/2982792.aspx  
