(MS10-085) Vulnerability in SChannel Could Allow Denial of Service (2207566)
Publish Date: 20 février 2013
Gravité: : Élevé
Identifiant(s) CVE: : CVE-2010-3229
Date du conseil: 20 février 2013
Description
This security update addresses a vulnerability in the Secure Channel (SChannel) security package in Windows that could allow denial of service if an affected Internet Information Services (IIS) server hosting a Secure Sockets Layer (SSL)-enabled Web site received a specially crafted packet message. By default, IIS is not configured to host SSL Web sites.
* Note: This security update does not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option.
Information Exposure Rating:
For information on patches specific to the affected software, please proceed to the Microsoft Web page.
Trend Micro clients using OfficeScan with Intrusion Defense Firewall (IDF) may refer to the table below for the pattern filter identifier(s):
Vulnerability ID | Identifier & Title | IDF First Pattern Version | IDF First Pattern Release Version | ||||
---|---|---|---|---|---|---|---|
CVE-2010-3229 | 1004472 - TLSv1 Denial Of Service Vulnerability | 10-032 | Oct 13, 2010 |
Solutions
Affected software and version:
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
- Windows Server 2008 R2 for x64-based Systems*
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2