SChannel Authentication Bypass Vulnerability - MS09-007ID: oval:org.secpod.oval:def:2612 | Date: (C)2011-10-27 (M)2023-12-14 |
Class: PATCH | Family: windows |
The host is missing a security update according to Microsoft security bulletin, MS09-007. The update is required to fix Secure Channel (aka SChannel) authentication component in Microsoft Windows platforms. When certificate authentication is used and does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages. Successful exploitation allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key.
Platform: |
Microsoft Windows 2000 |
Microsoft Windows XP |
Microsoft Windows Server 2003 |
Microsoft Windows Vista |
Microsoft Windows Server 2008 |