Signature Detail
Short Name |
SSL:MS-WINDOWS-TLS-BYPASS |
|---|---|
Severity |
Medium |
Recommended |
No |
Recommended Action |
Drop |
Category |
SSL |
Keywords |
Microsoft Windows SSL and TLS Security Feature Bypass |
Release Date |
2013/05/29 |
Update Number |
2268 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
SSL: Microsoft Windows SSL and TLS Security Feature Bypass
There signature detects attempts to exploit a known issue against Microsoft Windows in the way it handles SSL/TLS session version negotiation. By injecting malformed traffic into an SSL version 3 or TLS session, a man-in-the-middle attacker can exploit this vulnerability to silently downgrade the connection to SSL version 2.
Extended Description
The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
Affected Products
- microsoft windows_7 (sp1:x64)
- microsoft windows_7 (sp1:x86)
- microsoft windows_7 (:x64)
- microsoft windows_7 (:x86)
- microsoft windows_8 - (-:x64)
- microsoft windows_8 - (-:x86)
- microsoft windows_rt -
- microsoft windows_server_2008 (r2:itanium)
- microsoft windows_server_2008 r2 (sp1:itanium)
- microsoft windows_server_2008 r2 (sp1:x64)
- microsoft windows_server_2008 (r2:x64)
- microsoft windows_server_2008 (sp2:itanium)
- microsoft windows_server_2008 (sp2:x64)
- microsoft windows_server_2008 (sp2:x86)
- microsoft windows_server_2012 -
- microsoft windows_vista (sp2:x64)
References
- BugTraq: 57144
- CVE: CVE-2013-0013