Title

Microsoft TLS Protocol Information Disclosure Vulnerability (Cat II impact)

Discussion

Check Content

See IAVM notice and vendor bulletin for additional information. Microsoft bulletin MS12-049 (2655992) Vulnerable Applications/Systems: Windows XP SP3 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 (x86, x64 and Itanium) Windows Vista SP2 (x86 and x64) Windows Server 2008 SP2 (x86, x64 and Itanium) Windows 7 and Windows 7 SP1 (x86 and x64) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64 and Itanium) Server Core installation option Windows Server 2008 SP2 (x86 and x64) Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64) Verify the patch has been installed by checking that the following sample file is at the version indicated or later. See the vendor bulletin for additional information and any Vulnerable Systems\Applications not listed below. Schannel.dll Windows XP SP3 - 5.1.2600.6239 Windows XP SP2 x64 - 5.2.3790.5014 Windows 2003 - 5.2.3790.5014 Windows Vista SP2 / 2008 SP2 - 6.0.6002.18643 or 22869 Windows 7 / 2008 R2 - 6.1.7600.17035 or 21225 Windows 7 SP1 / 2008 R2 SP1 - 6.1.7601.17856 or 22010

Fix Text

Additional Identifiers

Rule ID:

Vulnerability ID: V-33310

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.