Summary
This host is missing an important security update according to Microsoft Bulletin MS12-006.
Impact
Successful exploitation of this issue may allow attackers to perform limited man-in-the-middle attacks to inject data into the beginning of the application protocol stream to execute HTTP transactions, bypass authentication.
Impact Level: Windows
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms12-006
Insight
A flaw exists is due to an error in Microsoft Windows SChannel (Secure Channel), when modifying the way that the Windows Secure Channel (SChannel) component sends and receives encrypted network packets.
Affected
Microsoft Windows 7 Service Pack 1 and prior.
Microsoft Windows XP Service Pack 3 and prior.
Microsoft Windows 2K3 Service Pack 2 and prior.
Microsoft Windows Vista Service Pack 1/2 and prior.
Microsoft Windows Server 2008 Service Pack 1/2 and prior.
References
Severity
Classification
-
CVE CVE-2011-3389 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Microsoft Windows Defender Privilege Elevation Vulnerability (2847927)
- Microsoft .NET Framework Security Bypass Vulnerability (2984625)
- Microsoft SQL Server Elevation of Privilege Vulnerability (2984340) - Remote
- Microsoft SharePoint Privilege Elevation Vulnerabilities (2028554)
- Microsoft VS Team Foundation Server SignalR XSS Vulnerability (2905244)