Information Security all in one place!

Microsoft Patches SSL BEAST; But warns of more!

In the first Patch Tuesday of 2012, Microsoft fixes an old issue and warns about a new security bypass risk.

Image representing Microsoft as depicted in Cr...

Image via CrunchBase

Microsoft is kicking off its 2012 Patch Tuesday release cycle with seven security bulletins. Among the items patched is an SSL issue that has been known publicly since at least September 2011.

The January Patch Tuesday update provides a fix for the SSL BEAST attack (an acronym for Browser Exploit Against SSL/TLS). The BEAST exploit takes advantage of a weakness in the TLS 1.0 version of SSL to decrypt encrypted HTTPS requests.

Read More: http://tinyurl.com/MS-BEAST

Bypass Security Risk; Windows Kernel: http://technet.microsoft.com/en-us/security/bulletin/ms12-001

Severity Rating: Important
Revision Note: V1.0 (January 10, 2012): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in   Microsoft Windows. The vulnerability could allow an attacker to bypass the   SafeSEH security feature in a software application. An attacker could then   use other vulnerabilities to leverage the structured exception handler to run   arbitrary code. Only software applications that were compiled using Microsoft   Visual C++ .NET 2003 can be used to exploit this vulnerability.
Advertisements

One response

  1. Pingback: Microsoft Security: Over the years…. « NetSecurityIT

Let's hear what you have to say.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s