Skip to main content

Microsoft Windows TLSv1 Denial of Service Vulnerability ( 13 October 2010 )

Last Update Date: 28 Jan 2011 Release Date: 13 Oct 2010 5470 Views

RISK: Medium Risk

A denial of service vulnerability exists in the way that SChannel processes client certificates in implementations of Internet Information Services (IIS) 7.0 on Windows Server 2008 and Windows Vista, and in IIS 7.5 on Windows Server 2008 R2 and Windows 7. A remote, anonymous attacker could send a specially crafted network packet to the affected system that would cause the LSASS service to stop responding and the system to restart. Systems are only affected if SSL is enabled, which is not a default configuration.