MS KB2718704: Unauthorized Digital Certificates Could Allow Spoofing (deprecated)

This script is Copyright (C) 2012-2017 Tenable Network Security, Inc.


Synopsis :

This plugin has been deprecated.

Description :

The remote host is missing KB2718704, which updates the system's SSL
certificate blacklist.

Certificates issued by the Microsoft Terminal Services licensing
certification authority can be used to sign code as Microsoft. An
attacker could exploit this to spoof content or perform
man-in-the-middle attacks. KB2718704 revokes the trust of the three
intermediate CA certificates that can be used to perform this attack.

See also :

http://technet.microsoft.com/en-us/security/advisory/2718704
http://www.nessus.org/u?239cac64
http://support.microsoft.com/kb/2718704

Solution :

Install Microsoft KB2718704.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 59357

Bugtraq ID: 53760

CVE ID:
