MS13-006 Vulnerability in Microsoft Windows Could Allow Security Feature Bypass
2013-01-08
This security update resolves a privately reported vulnerability in the implementation of SSL and TLS in Microsoft Windows. The vulnerability could allow security feature bypass if an attacker intercepts encrypted web traffic handshakes.
Bulletin details at Microsoft.com
Vulnerabilities addressed in this bulletin:
- Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability
- A security feature bypass vulnerability exists in the way that the Microsoft Windows SSL/TLS (Secure Sockets Layer and Transport Layer Security) implementation handles the SSL version 3 (SSLv3) and TLS protocols. The vulnerability could allow security feature bypass if an attacker injects specially crafted content into an SSL/TLS session.
CVE-2013-0013
Related CVE Entries
The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
Max CVSS: 5.8
EPSS Score: 0.84%
Published: 2013-01-09
Updated: 2023-12-07