Summary
This host is missing an important security update according to Microsoft advisory (2868725).
Impact
Successful exploitation will allow an attacker to perform man-in-the-middle attacks and recover plain text from encrypted sessions.
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes mentioned in the advisory from the following link: http://support.microsoft.com/kb/2868725
Insight
The flaw is due to a security issue in the RC4 stream cipher used in Transport Layer Security (TLS) and Secure Sockets Layer (SSL).
Affected
- Microsoft Windows 7 x32/x64 Service Pack 1 and prior
- Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior
- Microsoft Windows 8 x32/x64
- Microsoft Windows Server 2012
Detection
Get the version of the vulnerable file and check whether the appropriate patch has been applied.
References
Severity
Classification
CVSS Base Score: 8.8
CVSS Base Vector: AV:N/AC:M/Au:N/C:C/I:C/A:N
Related Vulnerabilities
- Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
- Internet Explorer Vector Markup Language Remote Code Execution Vulnerability (2544521)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
- ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
- Microsoft .NET Framework Multiple Vulnerabilities (2916607)