ANOTHER DAY, another Windows security flaw, it seems.
This time Microsoft has posted Security Advisory 977377, which reports a vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
Microsoft claims it "is not aware of any attacks attempting to exploit the reported vulnerability" and goes on to say, "we are working on a coordinated response with our partners in the Internet Consortium for Advancement of Security on the Internet (ICASI). The TLS and SSL protocols are implemented in several Microsoft products, both client and server, and this advisory will be updated as our investigation continues."
A huge list of Microsoft software is affected, from Window 7 and Windows Server 2008 R2 all the way back to Windows XP, but the Vole has listed two mitigating factors for the vulnerability.
The first factor is that web servers running Internet Information Services (IIS) 6.0 or later in the default configuration are not affected by this vulnerability, as they are only affected when configured to require mutual authentication, an uncommon configuration. Secondly, customers are only affected when an attacker is able to successfully conduct a man-in-the-middle attack by exploiting another vulnerability, such as a local subnet attack or DNS spoofing.
The TLS flaw is not part of the Vole's extensive Patch Tuesday that it releases every month to plug the leaks in its software portfolio. This month the Vole patched 13 Security Bulletins yesterday, some of which were listed as critical, addressing 26 vulnerabilities. µ
Firm's first high-end speaker gets the thumbs up from us
Yes. Yes you can
A fantastic ultraportable that's almost devoid of innovation
Screen if you want to go faster