[PCWorks] Windows TLS/SSL Session Renegotiation Plaintext Injection Vulnerability
- From: "Clint Hamilton-PCWorks Admin" <PCWorks@xxxxxxxxxxxxxxxxxxxxxxxx>
- To: "PCWorks@xxxxxxxxxxxxx" <pcworks@xxxxxxxxxxxxx>
- Date: Wed, 11 Aug 2010 01:46:07 -0500
TITLE:
Microsoft Windows TLS/SSL Session Renegotiation Plaintext
Injection
Vulnerability
Criticality level: Less critical
Impact: Manipulation of data
Where: From remote
VERIFY ADVISORY:
http://secunia.com/advisories/40883/
DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which
can be
exploited by malicious people to manipulate certain data.
The vulnerability is caused due to an error in the TLS and SSL
protocols while handling session renegotiations. This can be
exploited via Man-in-the-Middle (MitM) attacks to insert
arbitrary
plaintext before data sent by a legitimate client in an
existing TLS
session.
This is related to:
SA37291
SOLUTION:
Apply patches.
ORIGINAL ADVISORY:
MS10-049 (KB980436):
http://www.microsoft.com/technet/security/Bulletin/MS10-049.mspx
Microsoft:
http://www.microsoft.com/technet/security/advisory/977377.mspx
=========================
The list's FAQ's can be seen by sending an email to
PCWorks-request@xxxxxxxxxxxxx with FAQ in the subject line.
To unsubscribe, subscribe, set Digest or Vacation to on or off, go to
//www.freelists.org/list/pcworks . You can also send an email to
PCWorks-request@xxxxxxxxxxxxx with Unsubscribe in the subject line. Your
member list settings can be found at
//www.freelists.org/cgi-bin/lsg2.cgi/l=pcworks . Once logged in, you have
access to numerous other email options.
The list archives are located at //www.freelists.org/archives/pcworks/ .
All email posted to the list will be placed there in the event anyone needs to
look for previous posts.
-zxdjhu-
Other related posts:
