Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:20181
HistoryOct 17, 2010 - 12:00 a.m.

Microsoft Windows SChannel客户端证书处理拒绝服务漏洞(MS10-085)

2010-10-1700:00:00
Root
www.seebug.org
20

0.921 High

EPSS

Percentile

99.0%

JSON

BUGTRAQ ID: 43780
CVE ID: CVE-2010-3229

Microsoft Windows是微软发布的非常流行的操作系统。

Windows的SChannel实现在SSL/TLS握手期间处理协议请求之前没有检查逻辑情况,如果远程攻击者向承载着启用了SSL的网站的IIS服务器发送了特制的客户端证书请求,就会导致LSASS服务停止响应和系统重启。

Microsoft Windows Vista SP2
Microsoft Windows Vista SP1
Microsoft Windows Server 2008 SP2
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008
Microsoft Windows 7
临时解决方法:

  • 在IIS中阻止SSL网站

    1. 启动IIS管理器
    2. 在左侧的“连接”面板上,选择使用SSL的网站
    3. 在右面板中单击“停止”
    4. 每个启用SSL的网站重复步骤2和3

厂商补丁:

Microsoft

Microsoft已经为此发布了一个安全公告(MS10-085)以及相应补丁:
MS10-085:Vulnerability in SChannel Could Allow Denial of Service (2207566)
链接:http://www.microsoft.com/technet/security/bulletin/MS10-085.mspx?pf=true

Related

checkpoint_advisories 2
nessus 1
openvas 2
nvd 1
cve 1
securityvulns 2
prion 1
cvelist 1
checkpoint_advisories
checkpoint_advisories
Microsoft SChannel TLSv1 Denial of Service (MS10-085) - Ver2 (CVE-2010-3229)
2014-12-28 00:00:00
Microsoft SChannel TLSv1 Denial of Service (MS10-085; CVE-2010-3229)
2010-10-12 00:00:00
nessus
nessus
MS10-085: Vulnerability in SChannel Could Allow Denial of Service (2207566)
2010-10-13 00:00:00
openvas
openvas
Microsoft Windows SChannel Denial of Service Vulnerability (2207566)
2010-10-13 00:00:00
Microsoft Windows SChannel Denial of Service Vulnerability (2207566)
2010-10-13 00:00:00
nvd
nvd
CVE-2010-3229
2010-10-13 19:00:45
cve
cve
CVE-2010-3229
2010-10-13 19:00:45
securityvulns
securityvulns
Microsoft Security Bulletin MS10-085 - Important Vulnerability in SChannel Could Allow Denial of Service (2207566)
2010-10-13 00:00:00
Microsoft Windows multiple security vulnerabilities
2010-10-13 00:00:00
prion
prion
Denial of service
2010-10-13 19:00:00
cvelist
cvelist
CVE-2010-3229
2010-10-13 18:00:00

0.921 High

EPSS

Percentile

99.0%

JSON
Related for SSV:20181
checkpoint_advisories2nessus1openvas2nvd1cve1securityvulns2prion1cvelist1