By Robert Lemos
Staff Writer, CNET News.com
August 28, 2002, 9:20 PM PT
Microsoft said Wednesday that a critical flaw in most versions of the company's Windows operating system could allow malicious attackers to corrupt the digital certificates that PCs use to connect to network services.
The vulnerability can be exploited via a special-coded ActiveX--a scripting language created by Microsoft to make interactivity to Web sites and applications easier--inserted into hypertext markup language (HTML), the lingua franca of the Web. To fall victim to attack, a PC user would have to browse a Web site, or open an HTML e-mail, specifically set up to take advantage of the vulnerability.