Summary
This host is missing an important security update according to Microsoft advisory (2868725).
Impact
Successful exploitation will allow an attacker to perform man-in-the-middle attacks and recover plain text from encrypted sessions.
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory from the following link: http://support.microsoft.com/kb/2868725
Insight
The flaw is due to a security issue in the RC4 stream cipher used in Transport Layer Security (TLS) and Secure Sockets Layer (SSL).
Affected
- Microsoft Windows 7 x32/x64 Service Pack 1 and prior
- Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior
- Microsoft Windows 8 x32/x64
- Microsoft Windows Server 2012
Detection
Get the vulnerable file version and check whether the appropriate patch is applied.
Severity
Classification
CVSS Base Score: 8.8
AV:N/AC:M/Au:N/C:C/I:C/A:N
Related Vulnerabilities
- Microsoft Forefront Protection For Exchange RCE Vulnerability (2927022)
- Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)
- Cumulative Security Update for Internet Explorer (969897)
- Microsoft .NET Framework Privilege Elevation Vulnerability (2769324)
- Microsoft Group Policy Remote Code Execution Vulnerability (3000483)