Revision Note: V1.0 (October 14, 2014): Advisory published.
Summary: Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT for the Microsoft Extensible Authentication Protocol...
Revision Note: V1.0 (October 14, 2014): Advisory published.
Summary: Microsoft is announcing the availability of an update for supported editions of Windows 7, Windows Server 2008 R2, Windows 8, Windows 8.1, Windows Server 2012, and Windows RT for the Microsoft Extensible Authentication Protocol...
Revision Note: V1.0 (May 13, 2014): Advisory published.
Summary: Microsoft is announcing the availability of an update for Microsoft .NET Framework that disables RC4 in Transport Layer Security (TLS) through the modification of the system registry. Use of RC4 in TLS could allow an attacker to...
Original release date: April 08, 2014
Systems Affected
OpenSSL 1.0.1 through 1.0.1f
OpenSSL 1.0.2-beta
Overview
A vulnerability in OpenSSL could allow a remote attacker to expose sensitive data, possibly including user authentication credentials and secret keys, through incorrect memory...
credentials
cve-2014-0160
data exposure
exploit
heartbleed
impact
key material
memory
mitigation
openssl
patch
perfect forward secrecy
public access
public disclosure
revision history
security
security flaw
system administrators
tls
vulnerability
Revision Note: V2.0 (August 10, 2010): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-049 to address this issue. For more information about this issue, including...
Severity Rating: Important
Revision Note: V1.1 (July 9, 2013): Bulletin revised to announce a detection change in the Windows Vista packages for the 2655992 update to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their...
Severity Rating: Important
Revision Note: V1.2 (July 9, 2013): Bulletin revised to announce a detection change in the Windows Vista packages for the 2785220 update to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their...
Severity Rating: Important
Revision Note: V1.2 (July 9, 2013): Bulletin revised to announce a detection change in the Windows Vista packages for the 2785220 update to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their...
attacker
bulletin
cybersecurity
detection change
encryption
handshakes
important
microsoft
patch
privately reported
reoffering
security
ssl
tls
update
vulnerability
web traffic
windows
windows vista
Severity Rating: Important
Revision Note: V1.1 (July 9, 2013): Bulletin revised to announce a detection change in the Windows Vista packages for the 2655992 update to correct a Windows Update reoffering issue. This is a detection change only. Customers who have already successfully updated their...
Severity Rating: Important
Revision Note: V1.0 (January 8, 2013): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in the implementation of SSL and TLS in Microsoft Windows. The vulnerability could allow security feature bypass...
Revision Note: V1.2 (September 11, 2012): Clarified that applications and services that use RSA keys for cryptography and call into the CertGetCertificateChain function could be impacted by this update. Examples of these applications and services include but are not limited to encrypted email...
Provides recommendations for organizations that use MS-CHAP v2/PPTP to implement the Protected Extensible Authentication Protocol (PEAP) in their networks. This mitigates known attacks by encapsulating the MS-CHAP v2 authentication traffic in TLS.
More...
Resolves a vulnerability in TLS that could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. All cipher suites that do not use CBC mode are not affected.
More...
Severity Rating: Important
Revision Note: V1.0 (July 10, 2012): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in TLS. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served...
Severity Rating: Important
Revision Note: V1.1 (January 18, 2012): Added MS10-085 as a bulletin replaced by the KB2585542 update for Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, and Windows Server 2008 R2 for...
affected systems
bulletin
cipher suites
encryption
information disclosure
kb2585542
microsoft
ms12-006
patch
public disclosure
revision
security
severity rating
ssl
status
tls
update
vulnerability
web traffic
windows 7
Consider the following scenario: - You are using a WSD (Web Services on Devices) device which supports TLS1.1 or TLS 1.2 - You are trying to connect to the WSD device. In this scenario, you cannot connect to the device by TLS1.1 or TLS 1.2. Depending on...
Link Removed
Severity Rating: Important
Revision Note: V1.0 (January 10, 2012): Bulletin published.
Summary: This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows...
Fixes a problem in Windows 2008 R2 in which any application or service that calls the InitializeSecurityContext function together with the ISC_REQ_EXTENDED_ERROR flag may encounter TLS negotiation failure.
Link Removed
Revision Note: V1.0 (September 26, 2011): Advisory published.
Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0 and TLS 1.0, affecting the Windows operating system. This vulnerability affects the...