A weakness has been reported in Microsoft Windows, which can be exploited by malicious people disclose potentially sensitive information.
Release date: 2012-07-10
Severity :Low
Impact
Exposure of sensitive information
Systems affected
· Microsoft Windows 7
· Microsoft Windows Server 2003 Datacenter Edition
· Microsoft Windows Server 2003 Enterprise Edition
· Microsoft Windows Server 2003 Standard Edition
· Microsoft Windows Server 2003 Web Edition
· Microsoft Windows Server 2008
· Microsoft Windows Storage Server 2003
· Microsoft Windows Vista
· Microsoft Windows XP Home Edition
· Microsoft Windows XP Professional
CVE Reference(s)
CVE-2012-1870
Description
The weakness is caused due to a design error in the Transport Layer Security (TLS) protocol when used with symmetric cipher suites in CBC mode (e.g. AES) and can be exploited to decrypt portions of HTTPS sessions.
Solution
Apply patches.
Original Advisory
http://technet.microsoft.com/en-us/security/bulletin/ms12-049
http://technet.microsoft.com/en-us/security/bulletin/ms12-049
NOTE: The information provided is on “as is” basis,without assurance of any kind