MS KB3155527: Update to Cipher Suites for FalseStart

Medium Nessus Plugin ID 91045


The remote Windows host is affected by a cipher downgrade vulnerability.


The remote Windows host is affected by a cipher downgrade vulnerability in FalseStart due to allowing TLS clients to send application data before receiving and verifying the server 'Finished' message. A man-in-the-middle attacker can exploit this to force a TLS client to encrypt the first flight of application_data records using an attacker's chosen cipher suite from the client's list.


Microsoft has released a set of patches for Windows 2012, 8.1, 2012 R2, and 10.

See Also

Plugin Details

Severity: Medium

ID: 91045

File Name: smb_kb3155527.nasl

Version: $Revision: 1.2 $

Type: local

Agent: windows

Family: Windows

Published: 2016/05/11

Modified: 2017/08/30

Dependencies: 13855

Risk Information

Risk Factor: Medium


Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion

Patch Publication Date: 2016/05/10

Vulnerability Publication Date: 2016/05/10

Reference Information

MSKB: 3155527