Microsoft has released a security advisory (2588513) discussing a new vulnerability reported in SSL 3.0 and TLS 1.0. "This vulnerability affects the protocol itself and is not specific to the Windows operating system. This is an information disclosure vulnerability that allows the decryption of encrypted SSL/TLS traffic. This vulnerability primarily impacts HTTPS traffic, since the browser is the primary attack vector, and all web traffic served via HTTPS or mixed content HTTP/HTTPS is affected. We are not aware of a way to exploit this vulnerability in other protocols or components and we are not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers."
More information:
Microsoft Security Advisory 2588513
Is SSL broken? – More about Security Advisory 2588513
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment