
Microsoft Windows Secure Channel (SChannel) Multiple Vulnerabilities (11 August 2010)

Last Update Date: 28 Jan 2011
Release Date: 11 Aug 2010

RISK: Medium Risk

1. TLS/SSL Renegotiation Vulnerability

A spoofing vulnerability exists in the TLS/SSL protocol as implemented in the Microsoft Windows SChannel authentication component. An attacker who successfully exploited this vulnerability could inject data into a TLS/SSL-protected connection, effectively sending traffic that spoofs the authenticated client.

2. SChannel Malformed Certificate Request Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the way that SChannel on a client machine validates a certificate request message sent by the server. An attacker could host a specially crafted Web site designed to exploit this vulnerability through a Web browser and then convince a user to view it. The attacker would have no way to force users to visit the Web site; instead, the attacker would have to convince them to do so, typically by getting them to click a link in an e-mail message or Instant Messenger message that leads to the attacker's Web site.