Microsoft Windows TLSv1 Denial of Service Vulnerability ( 13 October 2010 )
Last Update Date:
28 Jan 2011
Release Date:
13 Oct 2010
4538
Views
RISK: Medium Risk
A denial of service vulnerability exists in the way that SChannel processes client certificates in implementations of Internet Information Services (IIS) 7.0 on Windows Server 2008 and Windows Vista, and in IIS 7.5 on Windows Server 2008 R2 and Windows 7. A remote, anonymous attacker could send a specially crafted network packet to the affected system that would cause the LSASS service to stop responding and the system to restart. Systems are only affected if SSL is enabled, which is not a default configuration.
Impact
- Denial of Service
System / Technologies affected
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows Server 2008 R2
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Download locations for this patch
- Windows Vista Service Pack 1 and Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1 and Windows Vista x64 Edition Service Pack 2
- Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
Vulnerability Identifier
Source
Related Link
Share with