SynopsisIt may be possible to execute arbitrary code on the remote Windows host using the Secure Channel security package.
DescriptionThe remote Windows host is running a version of the Secure Channel (SChannel) security package that is affected by one or more of the following vulnerabilities :
- The SChannel authentication component allows a client to renegotiate the connection after the initial handshake, which could be abused to inject information into an encrypted connection, effectively sending traffic spoofing an authenticated client. (CVE-2009-3555)
- The way that SChannel validates a certificate request message sent by a server could lead to a denial of service or even allow execution of arbitrary code if an attacker can trick a user on the affected system into connecting to malicious web server over SSL or TLS. (CVE-2010-2566)
SolutionMicrosoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, and 2008 R2.