3046015 - Vulnerability in Schannel Could Allow Security Feature Bypass - Version: 1.1

Discussion in 'Security Alerts' started by News, Mar 6, 2015.

  1. News

    Severity Rating: Important
    Revision Note: V1.1 (March 5, 2015): Advisory revised to clarify the reason why no workaround exists for systems running Windows Server 2003. See the Advisory FAQ for more information.
    Summary: Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. Our investigation of the vulnerability has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally issued, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers. Technologies and best practices that protect against man-in-the-middle (MiTM) attacks similarly mitigate the risks associated with the vulnerability.
