MS15-055 - Important: Vulnerability in Schannel Could Allow Information Disclosure...

News

Extraordinary Robot
News Feed
#1
Severity Rating: Important
Revision Note: V1.0 (May 12, 2015): Bulletin published.
Summary: This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow information disclosure when Secure Channel (Schannel) allows the use of a weak Diffie-Hellman ephemeral (DFE) key length of 512 bits in an encrypted TLS session. Allowing 512-bit DHE keys makes DHE key exchanges weak and vulnerable to various attacks. A server needs to support 512-bit DHE key lengths for an attack to be successful; the minimum allowable DHE key length in default configurations of Windows servers is 1024 bits.

Continue reading...
 


This website is not affiliated, owned, or endorsed by Microsoft Corporation. It is a member of the Microsoft Partner Program.
Top