Summary
This host is missing an important security update according to Microsoft advisory (2868725).
Impact
Successful exploitation will allow an attacker to perform man-in-the-middle attacks and recover plain text from encrypted sessions.
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory from the link below: http://support.microsoft.com/kb/2868725
Insight
The flaw is due to a security issue in the RC4 stream cipher used in Transport Layer Security (TLS) and Secure Sockets Layer (SSL).
Affected
Microsoft Windows 7 x32/x64 Service Pack 1 and prior
Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior
Microsoft Windows 8 x32/x64
Microsoft Windows Server 2012
Detection
Get the vulnerable file version and check whether the appropriate patch is applied.
Severity
CVSS Base Score: 8.8
AV:N/AC:M/Au:N/C:C/I:C/A:N
Related Vulnerabilities
- Microsoft .NET Framework Open Data Protocol DOS Vulnerability (2769327)
- Flaw in Microsoft VM Could Allow Code Execution (810030)
- Buffer Overrun in Messenger Service (828035)
- Microsoft Internet Explorer Multiple Code Execution Vulnerabilities (974455)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)