CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS15-121 | Security Update for Schannel to Address Spoofing (3081320) | Windows Vista | Critical | 11-11-2015 |
Technical Information
Brief overview of the risk:
This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow spoofing if an attacker performs a man-in-the-middle (MiTM) attack between a client and a legitimate server.
Detailed Information on the risk:
A spoofing vulnerability exists in Microsoft Windows that is caused by a weakness in all supported versions of the TLS protocol. An attacker who successfully exploited this vulnerability could impersonate a victim on any other server that uses the same credentials as those used between the client and server where the attack is initiated.
To exploit the vulnerability, an attacker would first have to perform a man-in-the-middle (MiTM) attack between the client and a legitimate server. The update addresses the vulnerability by adding extended master secret binding support to all supported versions of TLS.
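Why binding the master secret to the handshake matters, as an added Python example that is not part of the bulletin or of Microsoft's code: it derives the TLS 1.2 master secret the legacy way (RFC 5246) and the extended way (RFC 7627) for two sessions that share a pre-master secret and nonces but saw different server certificates. The function names, the SHA-256 PRF choice and all byte strings are assumptions constructed for illustration.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 P_hash expansion (RFC 5246, section 5) with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def legacy_master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Legacy derivation: only the pre-master secret and the two nonces go in,
    # so nothing ties the result to the certificate the client validated.
    return p_sha256(pms, b"master secret" + client_random + server_random, 48)


def extended_master_secret(pms: bytes, handshake_messages: list) -> bytes:
    # RFC 7627: the seed is a hash over the handshake messages up to and
    # including ClientKeyExchange, which covers the server certificate.
    session_hash = hashlib.sha256(b"".join(handshake_messages)).digest()
    return p_sha256(pms, b"extended master secret" + session_hash, 48)


def compare_sessions() -> dict:
    # Constructed sample values, not captured traffic.
    pms = bytes(range(48))
    client_random, server_random = b"\x01" * 32, b"\x02" * 32

    def transcript(cert: bytes) -> list:
        return [b"ClientHello" + client_random, b"ServerHello" + server_random,
                b"Certificate:" + cert, b"ClientKeyExchange"]

    session_a = transcript(b"legitimate-server")
    session_b = transcript(b"other-endpoint")  # same secrets, different certificate

    legacy_a = legacy_master_secret(pms, client_random, server_random)
    legacy_b = legacy_master_secret(pms, client_random, server_random)
    ems_a = extended_master_secret(pms, session_a)
    ems_b = extended_master_secret(pms, session_b)
    return {"legacy_equal": legacy_a == legacy_b, "ems_equal": ems_a == ems_b}


if __name__ == "__main__":
    print(compare_sessions())
```

With the legacy derivation both sessions end up with the same master secret, so credentials bound to one can be accepted on the other; with the extended derivation the secrets differ as soon as the handshake transcripts differ.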
Further information on this vulnerability is available at: MS15-121
Affected Software
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 2
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows 7 for 32-bit Systems Service Pack 1
Windows 7 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for x64-based Systems Service Pack 1
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
Windows 8 for 32-bit Systems
Windows 8 for x64-based Systems
Windows 8.1 for 32-bit Systems
Windows 8.1 for x64-based Systems
Windows Server 2012 and Windows Server 2012 R2
Windows Server 2012 R2