Check: 2012-B-0006
Windows 7 IAVM: 2012-B-0006 (in version v1 r32)
Title
Microsoft SSL/TLS Information Disclosure Vulnerability (Cat I impact)
Discussion
Microsoft has released a security bulletin addressing a vulnerability in SSL 3.0 and TLS 1.0. The Transport Layer Security (TLS) Handshake Protocol is responsible for the authentication and key exchange necessary to establish or resume secure sessions. Secure Sockets Layer (SSL) is the predecessor of TLS; both protect network communications using a combination of public-key and symmetric-key cryptography.

To exploit this vulnerability, an attacker must be able to observe the victim's encrypted traffic and must get attacker-controlled content to run in the victim's browser, either by injecting it into an unencrypted HTTP response or by hosting a malicious website. That content makes the browser send HTTPS requests containing attacker-chosen data alongside the secret being targeted (typically a session cookie). If successfully exploited, the vulnerability allows a remote attacker to decrypt portions of the intercepted encrypted web traffic and obtain access to sensitive information. At the time of the notice, there were no known exploits associated with this vulnerability; USCYBERCOM was not aware of any DoD-related incidents.

SSL and TLS Protocols Vulnerability - CVE-2011-3389: An information disclosure vulnerability exists in the SSL 3.0 and TLS 1.0 encryption protocols. It affects the protocols themselves and is not specific to the Windows operating system. The vulnerability is caused by a design flaw in how these protocol versions use the cipher-block chaining (CBC) mode of operation: the initialization vector for each record is the last ciphertext block of the previous record, so an attacker watching the wire knows the IV before the next record is encrypted. Combined with the ability to choose the plaintext of that next record, this yields a chosen-plaintext oracle that confirms or refutes a guess for one block of earlier plaintext; by controlling where the block boundary falls, the attacker reduces each guess to a single unknown byte (at most 256 trials). The vulnerability primarily impacts HTTPS traffic, since the browser is the primary attack vector, and all web traffic served via HTTPS or mixed HTTP/HTTPS content is affected.
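The chained-IV flaw described above, reproduced as an added example in PowerShell. This is not part of the IAVM notice or of any Microsoft code: the AES key, the cookie value "S=k9" and the HTTP request are constructed here, .NET's RijndaelManaged stands in for the TLS record cipher, and TLS MAC and padding are omitted because the attack never touches them. The "session" object applies TLS 1.0's rule (each record's IV is the last ciphertext block of the previous record); the second run switches to a fresh random IV per record, which is TLS 1.1's fix, to show the oracle failing.

```powershell
# Added example, not from the IAVM notice: toy reproduction of the CBC chained-IV
# flaw behind CVE-2011-3389. Key, cookie and request below are all constructed.

function New-RandomBytes([int]$Count) {
    $b = New-Object byte[] $Count
    (New-Object System.Security.Cryptography.RNGCryptoServiceProvider).GetBytes($b)
    return ,$b
}
function Xor-Bytes([byte[]]$A, [byte[]]$B) {
    $r = New-Object byte[] $A.Length
    for ($i = 0; $i -lt $A.Length; $i++) { $r[$i] = $A[$i] -bxor $B[$i] }
    return ,$r
}
function ToHex([byte[]]$Bytes) { [System.BitConverter]::ToString($Bytes) }

function Send-Record($Session, [byte[]]$Plain) {
    # Pad to the 16-byte block size (toy: spaces), then CBC-encrypt one record.
    # ChainIv = $true models TLS 1.0 (IV = previous record's last ciphertext block);
    # $false models TLS 1.1's random per-record IV.
    $padded = New-Object byte[] ($Plain.Length + ((16 - ($Plain.Length % 16)) % 16))
    for ($i = 0; $i -lt $padded.Length; $i++) {
        if ($i -lt $Plain.Length) { $padded[$i] = $Plain[$i] } else { $padded[$i] = 0x20 }
    }
    if ($Session.ChainIv) { $iv = $Session.LastBlock } else { $iv = New-RandomBytes 16 }
    $aes = New-Object System.Security.Cryptography.RijndaelManaged   # AES, 128-bit blocks
    $aes.Mode = 'CBC'; $aes.Padding = 'None'; $aes.Key = $Session.Key; $aes.IV = $iv
    $ct = $aes.CreateEncryptor().TransformFinalBlock($padded, 0, $padded.Length)
    # The last block on the wire is visible to anyone sniffing the connection.
    $Session.LastBlock = [byte[]]($ct[($ct.Length - 16)..($ct.Length - 1)])
    return ,$ct
}

function Invoke-BeastGuess($Session, [byte[]]$PrevBlock, [byte[]]$TargetBlock, [byte[]]$Known15) {
    # TargetBlock = E(P xor PrevBlock) where P = Known15 + one unknown byte.
    # For each guess G the attacker has the victim send X = G xor PrevBlock xor IVnext.
    # With chained IVs, IVnext is the last block already seen, so the victim produces
    # E(X xor IVnext) = E(G xor PrevBlock), which equals TargetBlock iff G = P.
    for ($g = 0; $g -le 255; $g++) {
        $guess = New-Object byte[] 16
        [Array]::Copy($Known15, $guess, 15)
        $guess[15] = [byte]$g
        $predictedIv = $Session.LastBlock
        $chosen = Xor-Bytes (Xor-Bytes $guess $PrevBlock) $predictedIv
        $ct = Send-Record $Session $chosen     # attacker-chosen plaintext, e.g. sent by script in the browser
        if ((ToHex ([byte[]]($ct[0..15]))) -eq (ToHex $TargetBlock)) { return $g }
    }
    return -1                                  # oracle failed: IV was not predictable
}

$key    = New-RandomBytes 16
$secret = [System.Text.Encoding]::ASCII.GetBytes('S=k9')      # constructed cookie value, unknown to the attacker
# 31-byte attacker-known prefix: the path length is chosen so that block 1 of the
# request (bytes 16..31) holds 15 known bytes and exactly one unknown byte.
$prefix  = [System.Text.Encoding]::ASCII.GetBytes("GET /aaaaaaa HTTP/1.1`r`nCookie: ")
$request = [byte[]]($prefix + $secret + [System.Text.Encoding]::ASCII.GetBytes("`r`n`r`n"))

foreach ($chain in $true, $false) {
    $session = @{ Key = $key; LastBlock = (New-RandomBytes 16); ChainIv = $chain }
    $ct = Send-Record $session $request        # the victim's real request, sniffed by the attacker
    $found = Invoke-BeastGuess $session ([byte[]]($ct[0..15])) ([byte[]]($ct[16..31])) ([byte[]]($request[16..30]))
    if ($found -ge 0) { $shown = "'" + [char]$found + "'" } else { $shown = 'not recovered' }
    Write-Output ("Chained IV = {0}: first secret byte {1}" -f $chain, $shown)
}
```

With chained IVs the loop recovers 'S' within 256 attacker-controlled records; with a fresh IV per record every guess misses. The real attack repeats this with the prefix shortened by one byte each time so that the next secret byte becomes the single unknown, which is why the bulletin's fix (breaking the attacker's knowledge of the next IV) rather than a browser-side change is what closes it.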
Check Content
See IAVM notice and vendor bulletin for additional information. Microsoft Bulletin MS12-006 (KB 2643584).

Vulnerable Applications/Systems:
- Windows XP SP3
- Windows XP Professional x64 Edition SP2
- Windows Server 2003 SP2 (x86 and Itanium)
- Windows Vista SP2 (x86 and x64)
- Windows Server 2008 SP2 (x86*, x64* and Itanium)
- Windows 7 and Windows 7 SP1 (x86 and x64)
- Windows Server 2008 R2 and Windows Server 2008 R2 SP1 (x64* and Itanium)
*Server Core installation affected.

Verify that the patch has been installed by checking that the following sample file (%SystemRoot%\System32\Schannel.dll) is at the version indicated or later. Where two final numbers are listed, the first is the GDR servicing branch and the second the LDR (hotfix) branch; compare the installed file only against the number for the branch it belongs to, since a GDR build number is never "later" than an LDR threshold or the reverse. See the vendor bulletin for additional information and any vulnerable systems/applications not listed below.

Schannel.dll minimum versions:
- Windows XP SP3 - 5.1.2600.6175
- Windows XP SP2 (x64) - 5.2.3790.4935
- Windows 2003 SP2 - 5.2.3790.4935
- Windows Vista SP2 / 2008 SP2 - 6.0.6002.18541 or 6.0.6002.22742
- Windows 7 / 2008 R2 - 6.1.7600.16915 or 6.1.7600.21092
- Windows 7 SP1 / 2008 R2 SP1 - 6.1.7601.17725 or 6.1.7601.21861
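One way to script the version check above on the host being assessed, as an added example that is not part of the IAVM notice or the vendor bulletin. The thresholds are copied from the check; the platform is inferred from the file's own major.minor.build rather than from the OS. One assumption is labelled in the code: where the check lists two numbers, a fourth version field of 20000 or above is read as the LDR branch (21092, 21861, 22742) and anything below as GDR (16915, 17725, 18541), and the installed file is compared only against its own branch. The syntax is PowerShell 2.0 so it runs unchanged on an unpatched Windows 7 / Server 2008 R2 host.

```powershell
# Added example, not from the IAVM notice or MS12-006: check the installed
# Schannel.dll against the minimum versions listed in the Check Content.
# Assumption: 4th field >= 20000 = LDR branch, otherwise GDR branch.

$MinimumSchannel = @{
    '5.1.2600' = @{ Name = 'Windows XP SP3';                       GDR = 6175;  LDR = $null }
    '5.2.3790' = @{ Name = 'Windows XP x64 SP2 / Server 2003 SP2'; GDR = 4935;  LDR = $null }
    '6.0.6002' = @{ Name = 'Windows Vista SP2 / Server 2008 SP2';  GDR = 18541; LDR = 22742 }
    '6.1.7600' = @{ Name = 'Windows 7 / Server 2008 R2';           GDR = 16915; LDR = 21092 }
    '6.1.7601' = @{ Name = 'Windows 7 SP1 / Server 2008 R2 SP1';   GDR = 17725; LDR = 21861 }
}

function Test-Ms12006Schannel {
    param([string]$Path = (Join-Path $env:SystemRoot 'System32\schannel.dll'))

    if (-not (Test-Path $Path)) { throw "Schannel.dll not found: $Path" }

    # Use the numeric parts of FileVersionInfo; do not parse the FileVersion string,
    # which on Windows 7 carries a build tag such as "(win7sp1_gdr.111117-1453)".
    $vi     = (Get-Item $Path).VersionInfo
    $prefix = '{0}.{1}.{2}' -f $vi.FileMajorPart, $vi.FileMinorPart, $vi.FileBuildPart
    $rev    = $vi.FilePrivatePart
    $entry  = $MinimumSchannel[$prefix]

    $result = New-Object PSObject -Property @{
        Path = $Path; Installed = "$prefix.$rev"; Platform = $null
        Branch = $null; Required = $null; Compliant = $null
    }
    if ($entry -eq $null) {
        # Not a platform in the bulletin's file table: report it, do not guess.
        $result.Platform = 'not in MS12-006 table (see vendor bulletin)'
        return $result
    }
    if ($entry.LDR -ne $null -and $rev -ge 20000) {
        $result.Branch = 'LDR'; $required = $entry.LDR
    } else {
        $result.Branch = 'GDR'; $required = $entry.GDR
    }
    $result.Platform  = $entry.Name
    $result.Required  = "$prefix.$required"
    $result.Compliant = ($rev -ge $required)
    return $result
}

# The update services the native Schannel.dll and, on x64, the WOW64 copy as well.
# Run this from a 64-bit PowerShell on x64 hosts: a 32-bit host process has
# System32 redirected to SysWOW64 and would check the wrong native file.
$targets = @(Join-Path $env:SystemRoot 'System32\schannel.dll')
$wow64 = Join-Path $env:SystemRoot 'SysWOW64\schannel.dll'
if (Test-Path $wow64) { $targets += $wow64 }
$targets | ForEach-Object { Test-Ms12006Schannel -Path $_ } |
    Format-Table Path, Installed, Platform, Branch, Required, Compliant -AutoSize
```

A Compliant value of True for every listed file is a pass; False is a finding; $null means the file's build prefix is not one the bulletin covers and the vendor bulletin must be consulted by hand.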
Fix Text
Install the update from Microsoft Security Bulletin MS12-006 (KB 2643584) on all affected systems, then re-run the Schannel.dll version check in Check Content.
Additional Identifiers
Rule ID:
Vulnerability ID: V-31054
Group Title:
Expert Comments
CCIs
Number | Definition |
---|---|
No CCIs are assigned to this check | |
Controls
Number | Title |
---|---|
No controls are assigned to this check | |