Microsoft Patches SSL BEAST; But Warns of More!
Microsoft is kicking off its 2012 Patch Tuesday release cycle with seven security bulletins. Among the items patched is an SSL issue that has been known publicly since at least September 2011.
The January Patch Tuesday update provides a fix for the SSL BEAST attack (an acronym for Browser Exploit Against SSL/TLS). The BEAST exploit takes advantage of a weakness in TLS 1.0, a version of the SSL/TLS protocol, to decrypt encrypted HTTPS requests.
Read More: http://tinyurl.com/MS-BEAST
Severity Rating: Important
Revision Note: V1.0 (January 10, 2012): Bulletin published.
Summary: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow an attacker to bypass the SafeSEH security feature in a software application. An attacker could then use other vulnerabilities to leverage the structured exception handler to run arbitrary code. Only software applications that were compiled using Microsoft Visual C++ .NET 2003 can be used to exploit this vulnerability.