(MS10-085) Vulnerability in SChannel Could Allow Denial of Service (2207566)

  Severity: HIGH
  CVE Identifier: CVE-2010-3229
  Advisory Date: FEB 20, 2013

  DESCRIPTION

This security update addresses a vulnerability in the Secure Channel (SChannel) security package in Windows that could allow denial of service if an affected Internet Information Services (IIS) server hosting a Secure Sockets Layer (SSL)-enabled Web site received a specially crafted packet message. By default, IIS is not configured to host SSL Web sites.

* Note: This security update does not affect supported editions of Windows Server 2008 or Windows Server 2008 R2 as indicated, when installed using the Server Core installation option.

  TREND MICRO PROTECTION INFORMATION

For information on patches specific to the affected software, please proceed to the Microsoft Web page.

Trend Micro clients using OfficeScan with Intrusion Defense Firewall (IDF) may refer to the table below for the pattern filter identifier(s):

Vulnerability ID Identifier & Title IDF First Pattern Version IDF First Pattern Release Version
CVE-2010-3229 1004472 - TLSv1 Denial Of Service Vulnerability 10-032 Oct 13, 2010

  SOLUTION

  AFFECTED SOFTWARE AND VERSION

  • Windows 7 for 32-bit Systems
  • Windows 7 for x64-based Systems
  • Windows Server 2008 for 32-bit Systems
  • Windows Server 2008 for Itanium-based Systems
  • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows Server 2008 for x64-based Systems
  • Windows Server 2008 R2 for Itanium-based Systems
  • Windows Server 2008 R2 for x64-based Systems*
  • Windows Vista Service Pack 1
  • Windows Vista Service Pack 2
  • Windows Vista x64 Edition Service Pack 1
  • Windows Vista x64 Edition Service Pack 2

Featured Stories