Microsoft Windows IP-HTTPS Component Security Feature Bypass Vulnerability (2765809) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS12-083.

Impact

Successful exploitation could allow attacker to bypass certain security restrictions. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-083

Insight

The flaw is due to error in the IP-HTTPS component, which fails to validate the certificates. This can lead to a revoked certificate being considered as valid.

Affected

Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior

References

http://secunia.com/advisories/51500/
http://support.microsoft.com/kb/2765809
http://technet.microsoft.com/en-us/security/bulletin/ms12-083

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2549

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Microsoft Office Shared Component Security Bypass Vulnerability (2905238)
IE VBScript Handling patch (Q318089)
Microsoft Office Web Apps HTML Sanitisation Component XSS Vulnerability (2821818)
Microsoft DirectShow Elevation of Privileges Vulnerability (2975681)
Microsoft Active Directory Federation Services Information Disclosure Vulnerability (2873872)

Take action and discover your vulnerabilities