Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1637

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-1637
Last Modified 27 Mar 2015 03:38:59
Published 06 Mar 2015 12:59:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1637

Summary

Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server

  • Microsoft Windows 7

  • Microsoft Windows 8 -

  • Microsoft Windows 8.1 -

  • Microsoft Windows Rt -

  • Microsoft Windows Rt 8.1 -

  • Microsoft Windows Server 2008

  • Microsoft Windows Server 2008 R2

  • Microsoft Windows Server 2012 -

  • Microsoft Windows Server 2012 R2

  • Microsoft Windows Vista


References

CONFIRM - https://technet.microsoft.com/library/security/3046015

MISC - https://freakattack.com/

MS - MS15-031

SECTRACK - 1031833

Related Patches

MS15-031 Security Update for Windows Server 2003 (KB3046049)

MS15-031 Security Update for Windows Server 2008 (KB3046049)

MS15-031 Security Update for Windows Vista (KB3046049)

MS15-031 Security Update for Windows Vista x64 (KB3046049)

MS15-031 Security Update for Windows Server 2008 x64 (KB3046049)

MS15-031 Security Update for Windows Server 2003 x64 (KB3046049)

MS15-031 Security Update for WEPOS and POSReady 2009 (KB3046049)


Last Updated: 27 May 2016 11:08:00