Microsoft Windows TLS/SSL Spoofing Vulnerability (977377) Network Vulnerability

Summary

This host installed with TLS/SSL protocol which is prone to Spoofing Vulnerability

Impact

Successful exploitation could allow remote attackers to prepend content into a legitimate, client-initiated request to a server in the context of a valid TLS/SSL-authenticated session. Impact Level: System

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/advisory/977377.mspx

Insight

The flaw is due to an error in TLS/SSL, allows a malicious man-in-the-middle attack to introduce and execute a request in the protected TLS/SSL session between a client and a server.

Affected

Microsoft Windows XP Service Pack 3 and prior Microsoft Windows 2000 Service Pack 4 and prior Microsoft Windows 2003 Service Pack 2 and prior

References

http://support.microsoft.com/kb/977377
http://www.microsoft.com/technet/security/advisory/977377.mspx
http://www.vupen.com/english/advisories/2010/0349

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3555
CVSS Base Score: 5.8
AV:N/AC:M/Au:N/C:N/I:P/A:P

Related Vulnerabilities

Gator/GAIN Spyware Installed
MS Windows taskmgr.exe Information Disclosure Vulnerability
Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
Fraudulent Digital Certificates Spoofing Vulnerability (2524375)
CA Unicenter's File Transfer Service is running

Take action and discover your vulnerabilities