CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS12-006 | Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584) | Windows XP | Important | 11-01-2012 |
Technical Information
Brief overview of the risk:
This security update resolves a publicly disclosed vulnerability in SSL 3.0 and TLS 1.0. This vulnerability affects the protocol itself and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
Detailed Information on the risk:
An information disclosure vulnerability exists in SSL 3.0 and TLS 1.0 encryption protocols. This vulnerability affects the protocol itself and is not specific to the Windows operating system. This is an information disclosure vulnerability that allows the decryption of encrypted SSL/TLS traffic. This vulnerability primarily impacts HTTPS traffic, since the browser is the primary attack vector, and all web traffic served via HTTPS or mixed content HTTP/HTTPS is affected.
Further information on this exploit is available at : MS12-006
Affected Software
Windows XP Service Pack 3 (KB2585542)Windows XP Professional x64 Edition Service Pack 2 (KB2585542)
Windows XP Professional x64 Edition Service Pack 2 (KB2638806)
Windows Server 2003 Service Pack 2 (KB2585542)
Windows Server 2003 Service Pack 2 (KB2638806)
Windows Server 2003 x64 Edition Service Pack 2 (KB2585542)
Windows Server 2003 x64 Edition Service Pack 2 (KB2638806)
Windows Server 2003 with SP2 for Itanium-based Systems (KB2585542)
Windows Server 2003 with SP2 for Itanium-based Systems (KB2638806)
Windows Vista Service Pack 2 (KB2585542)
Windows Vista x64 Edition Service Pack 2 (KB2585542)
Windows Server 2008 for 32-bit Systems Service Pack 2 (KB2585542)
Windows Server 2008 for x64-based Systems Service Pack 2 (KB2585542)
Windows Server 2008 for Itanium-based Systems Service Pack 2 (KB2585542)
Windows 7 for 32-bit Systems (KB2585542)
Windows 7 for 32-bit Systems Service Pack 1 (KB2585542)
Windows 7 for x64-based Systems (KB2585542)
Windows 7 for x64-based Systems Service Pack 1 (KB2585542)
Windows Server 2008 R2 for x64-based Systems (KB2585542)
Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB2585542)
Windows Server 2008 R2 for Itanium-based Systems (KB2585542)
Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 (KB2585542)