Vulnerability in SSL 3.0 Could Allow Information Disclosure

| | Comments are off for this post.

In the end of 2014 it became known that the SSL protocol (specifically SSL v3) was broken and decryption of the encrypted data was possible. This is an industry-wide vulnerability affecting the SSL 3.0 protocol itself and is not specific to the Windows operating system.

All supported versions of Microsoft Windows implement this protocol and are affected by this vulnerability!

Microsoft is announcing that SSL 3.0 will be disabled in the default configuration of Internet Explorer and across Microsoft online services over the coming months. Microsoft recommends customers migrate clients and services to more secure security protocols, such as TLS 1.0, TLS 1.1 or TLS 1.2.

Microsoft outline the suggested actions (Workarounds) at https://technet.microsoft.com/en-us/library/security/3009008.aspx.

Useful data from iRangers Experts
right in your inbox

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.