(MS10-085) Vulnerability in SChannel Could Allow Denial of Service (2207566)
Publish Date: 20 febbraio 2013
Gravità: : Alto
Identificatori CVE: CVE-2010-3229
Data notifica: 20 febbraio 2013
Descrizione
This security update addresses a vulnerability in the Secure Channel (SChannel) security package in Windows that could allow denial of service if an affected Internet Information Services (IIS) server hosting a Secure Sockets Layer (SSL)-enabled Web site received a specially crafted packet message. By default, IIS is not configured to host SSL Web sites.
* Note: This security update does not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option.
Informazioni esposizione:
For information on patches specific to the affected software, please proceed to the Microsoft Web page.
Trend Micro clients using OfficeScan with Intrusion Defense Firewall (IDF) may refer to the table below for the pattern filter identifier(s):
Vulnerability ID | Identifier & Title | IDF First Pattern Version | IDF First Pattern Release Version | ||||
---|---|---|---|---|---|---|---|
CVE-2010-3229 | 1004472 - TLSv1 Denial Of Service Vulnerability | 10-032 | Oct 13, 2010 |
Soluzioni
Software e versione interessati:
- Windows 7 for 32-bit Systems
- Windows 7 for x64-based Systems
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for Itanium-based Systems
- Windows Server 2008 for Itanium-based Systems Service Pack 2
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 R2 for Itanium-based Systems
- Windows Server 2008 R2 for x64-based Systems*
- Windows Vista Service Pack 1
- Windows Vista Service Pack 2
- Windows Vista x64 Edition Service Pack 1
- Windows Vista x64 Edition Service Pack 2