Summary
This host is missing an important security update according to Microsoft Bulletin MS12-006.
Impact
Successful exploitation of this issue may allow attackers to perform limited man-in-the-middle attacks, injecting data into the beginning of the application protocol stream to execute HTTP transactions or bypass authentication.
Impact Level: Windows
Solution
Run Windows Update and install the listed hotfixes, or download and install the hotfixes named in the advisory at the following link: http://technet.microsoft.com/en-us/security/bulletin/ms12-006
Insight
The flaw is due to an error in the way the Microsoft Windows Secure Channel (SChannel) component sends and receives encrypted network packets.
Affected
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
References
Severity
Classification
- CVE: CVE-2011-3389
CVSS Base Score: 4.3
CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Microsoft Active Directory Federation Services Information Disclosure Vulnerability (2873872)
- Microsoft SharePoint Foundation HTML Sanitisation Component XSS Vulnerability (2821818)
- Microsoft Windows Kerberos Denial of Service Vulnerability (2743555)
- Microsoft OneNote Information Disclosure Vulnerability (2816264)
- Microsoft Windows Netlogon Service Denial of Service Vulnerability (2207559)