On Friday, September 6th, Microsoft admitted that the way in which at least a dozen of its products (both for Windows and for the MAC) recognize digital certificates has a “critical flaw.” Microsoft has discovered that CryptoAPI, a security tool that certifies the authenticity of a software code or Web Site, may permit a Web Site to issue multiple digital certificates beyond the initial issuance of an authorized certificate. The flaw could permit hackers and identity thieves to gain access to a user’s credit card numbers, personal data, computer password, and other stored online information, previously believed to be encrypted and secure. The flaw is exploited in an innocent manner: an authorized user logs on to a designated Web Site and transacts business with that Web Site. The online information is submitted by the authorized user as part of the transaction, with the user believing that they are engaged in a secure transaction. The user is then re-directed to another Web Site, which appears to be legitimate, but is not. The security tool authenticates all of the previously entered credit card and personal information to the bogus Web Site. Microsoft urged its users to install software patches immediately for its products that have available patches. Unfortunately, Microsoft has not issued a patch yet for Windows 2000.