MS13-006: Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220) (uncredentialed check)

This script is Copyright (C) 2013-2017 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a security feature bypass
vulnerability.

Description :

The remote host contains a flaw in its handling of the SSL version 3
(SSLv3) and Transport Layer Security (TLS) protocols. An attacker can
inject specially crafted content into an SSL/TLS session, which could
allow the attacker to bypass security features of the SSLv3 and TLS
protocols in order to intercept communications.

Note that this plugin only tests Microsoft IIS HTTPS and TLS-capable
FTP servers, which are known to use MS13-006 update files. Other
SSL/TLS implementations may also be affected. To test all SSL/TLS
services Nessus finds, configure the 'Report paranoia' preference
setting to 'Paranoid (more false alarms).'

See also :

http://technet.microsoft.com/en-us/security/Bulletin/MS13-006

Solution :

Microsoft has released a set of patches for Windows Vista, 2008, 7,
2008 R2, 8, and 2012.

For other SSL/TLS implementations, contact the vendor for updates.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 4.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 63643

Bugtraq ID: 57144

CVE ID: CVE-2013-0013
