CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS10-049 | Vulnerabilities in SChannel could allow Remote Code Execution (980436) | Microsoft Windows | Critical | 11-08-2010 |
Technical Information
Brief overview of the risk:
This security update resolves one publicly disclosed vulnerability and one privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The more severe of these vulnerabilities could allow remote code execution if a user visits a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser.
Detailed Information on the risk:
A spoofing vulnerability exists in the TLS/SSL protocol, implemented in the Microsoft Windows SChannel authentication component. An attacker who successfully exploited this vulnerability would be able to introduce information on a TLS/SSL protected connection, effectively sending traffic spoofing the authenticated client.
Further information on this exploit is available at : MS10-049
Affected Software
Microsoft Windows Server 2003 Service Pack 2Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows XP Professional Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for 32-bit Systems Service Pack 2
Windows Server 2008 for Itanium-based Systems
Windows Server 2008 for Itanium-based Systems Service Pack 2
Windows Server 2008 for x64-based Systems
Windows Server 2008 for x64-based Systems Service Pack 2
Windows Server 2008 R2 for Itanium-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Vista Service Pack 1
Windows Vista Service Pack 2
Windows Vista x64 Edition Service Pack 1
Windows Vista x64 Edition Service Pack 2