Microsoft Windows Schannel Security Feature Bypass Vulnerability

Last Update Date: 12 Mar 2015 Release Date: 11 Mar 2015 3321 Views

RISK: High Risk

High Risk

TYPE: Operating Systems - Windows OS

TYPE: Windows OS

A security feature bypass vulnerability exists in Secure Channel (Schannel) that is caused by an issue in the TLS state machine whereby a client system accepts an RSA key with a shorter key length than the originally negotiated key length. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems.

In a man-in-the-middle (MiTM) attack, an attacker could downgrade the key length of an RSA key to EXPORT-grade length in an encrypted TLS session. The attacker could then intercept and decrypt this traffic. Any Windows system connecting to a TLS server as a client is affected. An attacker who successfully exploited this vulnerability could perform MiTM attacks that could decrypt encrypted traffic.

Impact

  • Security Restriction Bypass

System / Technologies affected

  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8 and Windows 8.1
  • Windows Server 2012 and Windows Server 2012 R2
  • Windows RT and Windows RT 8.1

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

Microsoft Windows Remote Desktop Protocol Denial of Service Vulnerability

11 Mar 2015 3195 Views

Next

Adobe Flash Player Multiple Vulnerabilities

16 Mar 2015 3218 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY