Summary
This host is missing an important security update according to Microsoft advisory (2868725).
Impact
Successful exploitation will allow an attacker to perform man-in-the-middle attacks and recover plain text from encrypted sessions.
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://support.microsoft.com/kb/2868725
Insight
The flaw is due to security issue in RC4 stream cipher used in Transport Layer Security(TLS) and Secure Socket Layer(SSL).
Affected
Microsoft Windows 7 x32/x64 Service Pack 1 and prior Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior Microsoft Windows 8 x32/x64
Microsoft Windows Server 2012
Detection
Get the vulnerable file version and check appropriate patch is applied or not.
References
Severity
Classification
-
CVSS Base Score: 8.8
AV:N/AC:M/Au:N/C:C/I:C/A:N
Related Vulnerabilities
- Microsoft Internet Explorer Multiple Memory Corruption Vulnerabilities (2879017)
- Host Integration Server RPC Service Remote Code Execution Vulnerability (956695)
- Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
- Microsoft Excel Remote Code Execution Vulnerability (956416)
- Microsoft IIS Security Bypass Vulnerability (970483)