Microsoft Windows IP-HTTPS Component Security Feature Bypass Vulnerability (2765809) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS12-083.

Impact

Successful exploitation could allow attacker to bypass certain security restrictions. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-083

Insight

The flaw is due to error in the IP-HTTPS component, which fails to validate the certificates. This can lead to a revoked certificate being considered as valid.

Affected

Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior

References

http://secunia.com/advisories/51500/
http://support.microsoft.com/kb/2765809
http://technet.microsoft.com/en-us/security/bulletin/ms12-083

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2549

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Microsoft Windows IIS FTP Service Information Disclosure Vulnerability (2761226)
Buffer Overflow in Windows Troubleshooter ActiveX Control (826232)
Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
Microsoft IIS FTP Connection Status Request Denial of Service Vulnerability
Microsoft Windows Media Service Handshake Sequence DoS Vulnerability

Take action and discover your vulnerabilities