Iliano Cervesato

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows versions prior to the patchday that contains the fix for this issue **Description** The issue allows a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used. This occurs due to an unknown vulnerability in the PKINIT Protocol. **Recommendations** For Microsoft Windows 2000, Windows XP, and Windows Server 2003, apply the patch from the patchday that contains the fix for this issue to resolve the problem. At the moment, there is no information about a newer version that contains a fix for this vulnerability.