Summary
This host is missing a critical security update according to Microsoft Bulletin MS10-085.
Impact
Successful exploits will allow attacker to execute arbitrary code in the context of the user running the application or cause a denial of service condition.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/Bulletin/MS10-085.mspx
Insight
The flaw is caused by an error in SChannel when processing client certificates in implementations of Internet Information Services, which could allow remote attackers to cause the LSASS service to stop responding and the system to restart by sending malformed packets to a server with SSL enabled.
Affected
Microsoft Windows Vista Service Pack 2 and prior.
Microsoft Windows Server 2008 Service Pack 2 and prior.
Micorsoft Windows 7
References
Severity
Classification
-
CVE CVE-2010-3229 -
CVSS Base Score: 7.1
AV:N/AC:M/Au:N/C:N/I:N/A:C
Related Vulnerabilities
- Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (972270)
- Microsoft .NET Common Language Runtime Code Execution Vulnerability (974378)
- Microsoft .NET Framework Remote Code Execution Vulnerabilities (2878890)
- Cumulative Security Update for Internet Explorer (950759)
- Microsoft Data Access Components Remote Code Execution Vulnerabilities (2560656)