| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS15-120 | Security Update for IPSec to Address Denial of Service (3102939) | Windows 8 | Important | 11-11-2015 |
Technical Information
Brief overview of the risk:
This security update resolves a denial of service vulnerability in Microsoft Windows. An attacker who successfully exploited the vulnerability could cause the system to become nonresponsive. To exploit the vulnerability an attacker must have valid credentials.
Detailed Information on the risk:
A denial of service vulnerability exists in Windows when the Internet Protocol Security (IPSec) service improperly handles encryption negotiation. An attacker who successfully exploited the vulnerability could cause the system to become nonresponsive.
To exploit this vulnerability an attacker must have valid credentials. An attacker could exploit this vulnerability by using a malicious application to connect to a target machine and cause the server to become nonresponsive. The update addresses the vulnerability by adding an additional check to verify encryption negotiation.
Windows 8 for 32-bit Systems To exploit this vulnerability an attacker must have valid credentials. An attacker could exploit this vulnerability by using a malicious application to connect to a target machine and cause the server to become nonresponsive. The update addresses the vulnerability by adding an additional check to verify encryption negotiation.
Further information on this exploit is available at : MS15-120
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 R2
Windows RT 8.1
Affected Software
Windows 8 for 32-bit SystemsWindows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 R2
Windows RT 8.1