Summary
This host is missing a critical security update according to Microsoft Bulletin MS10-085.
Impact
Successful exploits will allow attacker to execute arbitrary code in the context of the user running the application or cause a denial of service condition.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS10-085.mspx
Insight
The flaw is caused by an error in SChannel when processing client certificates in implementations of Internet Information Services, which could allow remote attackers to cause the LSASS service to stop responding and the system to restart by sending malformed packets to a server with SSL enabled.
Affected
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Micorsoft Windows 7
References
Severity
Classification
-
CVE CVE-2010-3229 -
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Internet Explorer Vector Markup Language Remote Code Execution Vulnerability (2544521)
- Cumulative Security Update for Internet Explorer (953838)
- Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
- Microsoft IIS Security Bypass Vulnerability (970483)
- Checks for MS HOTFIX for snmp buffer overruns