Security Lab

Раскрытие данных в реализации TLS протокола в Microsoft Windows

Дата публикации:10.07.2012
Всего просмотров:1792
Опасность:
Низкая
Наличие исправления: Да
Количество уязвимостей:1
CVSSv2 рейтинг: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:O/RC:C)
CVE ID: CVE-2012-1870
Вектор эксплуатации: Удаленная
Воздействие: Раскрытие важных данных
CWE ID: Нет данных
Наличие эксплоита: Нет данных
Уязвимые продукты: Microsoft Windows XP Professional
Microsoft Windows XP Home Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows Storage Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows 7
Уязвимые версии:
Microsoft Windows XP
Microsoft Windows 2003
Microsoft Windows Vista
Microsoft Windows 2008
Microsoft Windows 7

Описание:
Уязвимость позволяет удаленному пользователю получить доступ к важным данным.

Уязвимость существует из-за ошибки дизайна в реализации Transport Layer Security (TLS) протокола при использовании симметричных шифров в режиме CBC (например, AES). Удаленный пользователь может расшифровать части HTTPS сессий.

URL производителя: www.microsoft.com

Решение: Установите исправление с сайта производителя.

Windows XP Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?familyid=8324496f-aca4-4a86-833d-c22341e71cd3

Windows XP Professional x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=5f268365-9c18-4fc7-b11e-b1f19c4a5a2a

Windows Server 2003 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=b13e2388-01f3-46bf-97b4-612e2778477a

Windows Server 2003 x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=a0bd0591-62f8-40d1-93fa-7f0afc4fc09c

Windows Server 2003 with SP2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=b91df558-5446-4858-92af-50cfbab27ff5

Windows Vista Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=7286a6e2-9c31-493f-aae3-776f72e85503

Windows Vista x64 Edition Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=c62ec513-887c-4a42-a3cc-3e92631526ed

Windows Server 2008 for 32-bit Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=97030267-6b19-46ae-84ce-0bb1f91ab951

Windows Server 2008 for x64-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=8a5f6e84-5e5b-42c3-a5b7-65defdb0665f

Windows Server 2008 for Itanium-based Systems Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?familyid=e886c5f4-7f38-4c90-905b-a682e6a8ffd0

Windows 7 for 32-bit Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=da706b4e-7c22-4929-96d3-f8b0fa10f043

Windows 7 for 32-bit Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=da706b4e-7c22-4929-96d3-f8b0fa10f043

Windows 7 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=07518fb7-031f-4fa0-836c-8f33c247868b

Windows 7 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=07518fb7-031f-4fa0-836c-8f33c247868b

Windows Server 2008 R2 for x64-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=c9ef728f-abef-4076-bb13-7488af471aa4

Windows Server 2008 R2 for x64-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=c9ef728f-abef-4076-bb13-7488af471aa4

Windows Server 2008 R2 for Itanium-based Systems:
http://www.microsoft.com/downloads/details.aspx?familyid=49e182b5-4499-42a1-8180-9bb920e154cb

Windows Server 2008 R2 for Itanium-based Systems Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?familyid=49e182b5-4499-42a1-8180-9bb920e154cb

Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation):
http://www.microsoft.com/downloads/details.aspx?familyid=97030267-6b19-46ae-84ce-0bb1f91ab951

Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation):
http://www.microsoft.com/downloads/details.aspx?familyid=8a5f6e84-5e5b-42c3-a5b7-65defdb0665f

Windows Server 2008 R2 for x64-based Systems (Server Core installation):
http://www.microsoft.com/downloads/details.aspx?familyid=c9ef728f-abef-4076-bb13-7488af471aa4

Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation):
http://www.microsoft.com/downloads/details.aspx?familyid=c9ef728f-abef-4076-bb13-7488af471aa4
Ссылки: MS12-049: Vulnerability in TLS Could Allow Information Disclosure (2655992)