SSL/TLS Security Feature Bypass Vulnerability Reported in Microsoft Windows
(Microsoft Security Bulletin MS13-006, CVE-2013-0013)
A vulnerability in the way Windows handles SSL/TLS session version negotiation could allow an attacker to downgrade an SSL/TLS connection to SSL version 2, which supports weak encryption ciphers. The Check Point IPS Software Blade protects systems against this issue at the network level by blocking attempts to exploit it.
The vulnerability is due to an error in the way Windows handles SSL/TLS session version negotiation. A remote attacker can exploit this issue by injecting specially crafted traffic into an SSL version 3 or TLS browsing session between Internet Explorer and a third-party server or a third-party client. Successful exploitation can allow the attacker to downgrade an SSL version 3 or TLS connection to SSL version 2, which supports weak encryption ciphers.
Please see CPAI-2013-004 for a list of the affected versions of Windows.
The security update described in MS13-006 should be deployed as soon as is practical. The Check Point IPS Software Blade protects unpatched systems in the latest IPS update by detecting and blocking attempts to inject malformed traffic into an SSL version 3 or TLS browsing session. For more information, see CPAI-2013-004.
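The network-level symptom described above is a session that started with an SSL version 3 or TLS handshake and ends up negotiating SSL version 2. The following is an added example, written for this page and not Check Point's IPS signature or any code from Microsoft, showing how a passive monitor can tell the two handshake formats apart and flag that symptom. It assumes the capture tool has already split the stream into individual handshake messages, inspects only ClientHello/ServerHello messages, and uses constructed sample messages (a TLS 1.0 ClientHello followed by an SSLv2 SERVER-HELLO) rather than real captured traffic.

```python
"""Flag SSL/TLS sessions whose negotiated version drops to SSL version 2.

Two wire formats are recognised:
  * SSLv2 format: 2-byte header with the high bit set and a 15-bit length,
    followed by the message type (0x01 CLIENT-HELLO, 0x04 SERVER-HELLO).
  * SSLv3/TLS record layer: content type 0x16 (handshake), 2-byte version,
    2-byte length, then a handshake header (0x01 ClientHello, 0x02 ServerHello).
"""
import struct
from typing import List, Optional, Tuple

SSL_VERSIONS = {
    (0x00, 0x02): "SSLv2",
    (0x03, 0x00): "SSLv3",
    (0x03, 0x01): "TLS 1.0",
    (0x03, 0x02): "TLS 1.1",
    (0x03, 0x03): "TLS 1.2",
}


def parse_hello(msg: bytes) -> Optional[Tuple[str, str, Tuple[int, int]]]:
    """Return (wire_format, message_name, version) for a hello message, else None.

    wire_format is "sslv2" or "record" (SSLv3/TLS record layer).
    """
    if len(msg) < 5:
        return None
    b0 = msg[0]
    if b0 & 0x80:  # SSLv2-style header: high bit set, 15-bit length, no padding
        length = ((b0 & 0x7F) << 8) | msg[1]
        if len(msg) < 2 + length:
            return None
        mtype = msg[2]
        if mtype == 0x01 and length >= 9:   # CLIENT-HELLO: version follows the type byte
            return ("sslv2", "client_hello", (msg[3], msg[4]))
        if mtype == 0x04 and length >= 11:  # SERVER-HELLO: type, sid_hit, cert_type, version
            return ("sslv2", "server_hello", (msg[5], msg[6]))
        return None
    if b0 == 0x16 and msg[1] == 0x03:  # record layer, handshake content type, major version 3
        rec_len = struct.unpack("!H", msg[3:5])[0]
        body = msg[5:5 + rec_len]
        if len(body) < 6:
            return None
        htype = body[0]  # handshake type, then 3-byte length, then the hello's version
        if htype in (0x01, 0x02):
            name = "client_hello" if htype == 0x01 else "server_hello"
            return ("record", name, (body[4], body[5]))
    return None


def detect_downgrade(messages: List[bytes]) -> Tuple[bool, List[str]]:
    """Walk one session's handshake messages in order and report SSLv2 negotiation.

    Returns (flagged, findings). A ServerHello that selects SSLv2 after an
    SSLv3/TLS-format hello has been seen is reported as a possible downgrade;
    a session that was SSLv2 from the start is reported for its weak ciphers.
    """
    seen_record_layer = False
    findings: List[str] = []
    for raw in messages:
        parsed = parse_hello(raw)
        if parsed is None:
            continue
        wire_format, name, version = parsed
        if wire_format == "record":
            seen_record_layer = True
        if name == "server_hello" and version == (0x00, 0x02):
            if seen_record_layer:
                findings.append("SSLv2 ServerHello after SSLv3/TLS handshake: possible downgrade")
            else:
                findings.append("session negotiated SSLv2 (weak ciphers)")
    return (len(findings) > 0, findings)


# Constructed sample messages (not captured traffic).
def sample_tls10_client_hello() -> bytes:
    # client_version 3.1, zero random, empty session id, one suite (0x002f), null compression
    body = b"\x03\x01" + b"\x00" * 32 + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def sample_tls10_server_hello() -> bytes:
    body = b"\x03\x01" + b"\x00" * 32 + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def sample_sslv2_server_hello() -> bytes:
    # type 0x04, session_id_hit 0, certificate_type 1, server_version 0x0002,
    # certificate_len 0, cipher_specs_len 0, connection_id_len 16, connection id
    body = b"\x04\x00\x01\x00\x02" + b"\x00\x00" + b"\x00\x00" + b"\x00\x10" + b"\x00" * 16
    return bytes([0x80 | (len(body) >> 8), len(body) & 0xFF]) + body


if __name__ == "__main__":
    flagged, notes = detect_downgrade([sample_tls10_client_hello(), sample_sslv2_server_hello()])
    print(flagged, notes)
```

The check keys on the ServerHello rather than the ClientHello because a v2-compatible ClientHello that advertises TLS is legitimate and common; only the server's chosen version shows that the session actually dropped to SSL version 2.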
Last Updated: 09-Jan-2013