MS10-049: Vulnerabilities in SChannel could allow Remote Code Execution (980436)
High Nessus Plugin ID 48286
Synopsis
It may be possible to execute arbitrary code on the remote Windows host using the Secure Channel security package.
Description
The remote Windows host is running a version of the Secure Channel (SChannel) security package that is affected by one or more of the following vulnerabilities:
- The SChannel authentication component allows a client to renegotiate the connection after the initial handshake, which could be abused to inject information into an encrypted connection, effectively sending traffic spoofing an authenticated client. (CVE-2009-3555)
- The way that SChannel validates a certificate request message sent by a server could lead to a denial of service or even allow execution of arbitrary code if an attacker can trick a user on the affected system into connecting to a malicious web server over SSL or TLS. (CVE-2010-2566)
Solution
Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.