Microsoft Windows IP-HTTPS Component Security Feature Bypass Vulnerability (2765809) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS12-083.

Impact

Successful exploitation could allow attacker to bypass certain security restrictions. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-083

Insight

The flaw is due to error in the IP-HTTPS component, which fails to validate the certificates. This can lead to a revoked certificate being considered as valid.

Affected

Microsoft Windows Server 2008 R2 x64 Edition Service Pack 1 and prior

References

http://secunia.com/advisories/51500/
http://support.microsoft.com/kb/2765809
http://technet.microsoft.com/en-us/security/bulletin/ms12-083

Updated on 2015-03-25

Severity

Classification

CVE CVE-2012-2549
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Microsoft Report Viewer Information Disclosure Vulnerability (2578230)
Microsoft .NET Framework Chart Control Information Disclosure Vulnerability (2567943)
Microsoft Exchange and Windows SMTP Service Denial of Service Vulnerability (981832)
Microsoft Windows Media Service Handshake Sequence DoS Vulnerability
Microsoft .NET Framework XML HMAC Truncation Vulnerability (981343)

Take action and discover your vulnerabilities