Switchfast Blog: The Future of IT

TLS/SSL Flaw Found in Windows

Wednesday, February 10, 2010 by Matt Hymel

Both client and server beware - Microsoft's latest Security Advisory has addressed a publicly disclosed vulnerability in the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols. Even more, Microsoft has found it affects all supported versions of Windows.

Microsoft gives 2 factors for the vulnerability:

• Web servers running Internet Information Services (IIS) 6.0 or later in the default configuration are not affected by this vulnerability, as they are only affected when configured to require mutual authentication (an uncommon configuration).
• Customers are only affected when an attacker is able to successfully conduct a man-in-the-middle attack by exploiting another vulnerability, such as a local subnet attack or DNS spoofing.

After releasing 13 security bulletins which fixed 26 vulnerabilities on this month's Patch Tuesday, the company is merely stating that it will be investigating this latest security flaw (meaning the fix was NOT included in this month's patches).

There are currently no attacks trying to use the vulnerability; however, Microsoft is vigorously working to fix it while monitoring the situation. We might see an out-of-cycle path or have to wait until March 9^th, the next Patch Tuesday scheduled.

Hit the link for more information and the Security Advisory (977377).

Until next time -

Matt

Switchfast Technologies
Chicago IT Support & Consulting
Rochester IT Support & Consulting

Leave comment:

Archives

• 2010
  • July (18)
    • How Small Businesses Can Take Advantage of Mobile SEO
    • Microsoft’s Internet Explorer Going Strong But Faces Adversity
    • Your Social Media Experience as a Small Business
    • How Large Corporations Are Influencing the Small Business Scene
    • Firefox 4 Beta Shows Off Improved Interface, Still Not Quite Speedy
    • How Professional Online Networking Adds to the Value of Your Small Business
    • As Tech Job Demands Grow, So Does Your Small Business
    • Can Microsoft’s Windows Phone 7 Make a Difference in Mobile Enterprise?
    • The Human Side of Small Business – Keeping Your Employees (and Yourself) Balanced
    • The Five Cs That Make Small Business SEO Work
    • Go Blog About It! 6 Reasons Why Your Small Business Should Maintain a Blog
    • Move Over, iPhone: 5 Reasons Android Now Works for Small Enterprise
    • 500 Million Reasons Small Businesses Should Join Facebook
    • Apple Targets the Small Business Market
    • Increase in IT Spending Points to IT Innovation
    • Firefox Impresses Users with Interface and Security Updates
    • 4 Reasons Why Small Businesses Should Build Local SEO
    • President Obama Promotes the Power of Small Business
  • June (21)
    • Google Supposedly Drops Windows for “More Secure” OS
    • Will Android Overtake Blackberry in Enterprise?
    • The Upcoming Generation of IT – Social Networking and Generation Y
    • Zero-Day Flaw Affecting Adobe Flash, Reader
    • Heads Up Chicago Small Business: SEO is King of Budget-Minded Marketing
    • Small Business Sees Rise in Confidence
    • We Ask Again: Will Google’s Caffeine Affect SEO?
    • 5 Lessons Small Businesses Can Learn From the BP Oil Spill
    • 3 Reasons Small Business Owners Should View SEO Like a Car
    • 5 Most Overlooked Aspects of a Small Business Website
    • Microsoft’s Xbox Kinect: A Future Small Business Tool?
    • 4 Simple Tactics to Promote a Small Business and Build Connections
    • One Year and 3.7 Billion Phishing Emails Later – Is Your Identity Protected?
    • Three Advancing Areas of Enterprise Hardware
    • Email Etiquette – 5 Tips on Small Business Communication
    • New Collaboration Tool From Salesforce Pushes Notion of Social Enterprise
    • Strength in Small Business IT Brings Strength in Innovation
    • Microsoft’s Bing, Internet Explorer 9 Making Quiet Advancements
    • Hey Chicago, You’re the Next Silicon Valley
    • Three Reasons Why Facebook SEO Isn’t Important For Small Business (Yet)
    • Beware and Recognize Phishing/Virus Attempts!
    • According to FCC, VoIP Service ‘Important and Rapidly Growing’
    • Three Benefits Tablets Can Bring to the Small Business Sector
  • May (16)
    • Passwords and Privacy: 5 Password Manager Options
    • Saving Time and Money with Mobile Apps
    • Google’s New Search Page Layout and Its Effect on SEO
    • Offsite Backup Saves Time, Money and Frustration
    • Patch Tuesday: A Pair of Critical Fixes
    • Technology & Small Business Viewed as Most Positive Influence on U.S.
    • Three Thoughts on Choosing an IT Company
    • 17th Annual Chicago Cares Serve-a-thon on Saturday, June 12, 2010!
    • Small Businesses Benefit from Helpful Agencies
    • 5 Tips on Maximizing Social Media ROI
    • VoIP Proves to be Effective Cost-Cutter
    • Small Business Owners Feel Personally Fulfilled
    • Wireless: Evolving Tool or Security Nightmare?
    • IT-Business Convergence: The Key to Company Evolution
    • Google Analytics Offers Choice of Opting Out
    • Scientist ‘Infected’ Himself with Computer Virus, Stands on Principle
    • Soluto: The Solution to PC Frustration?
  • April (18)
    • April 1st – An Important Lesson in Content Production & Retrieval
    • What Does “Cloud” Mean to You?
    • FCC Can Not Enforce Net Neutrality – What Happens Next?
    • Is There a “Cyberwar” Around the Corner?
    • Small Businesses Get Their Way with Yelp
    • Social Networking Gone Wrong – Is Anonymity a Reliable Reputation Builder?
    • Another Heavy Tuesday – Critical Patches from Microsoft, Adobe
    • Will Social Networking Kill Off Email?
    • Power Down: The ROI of Decreasing Utility Waste and Pollution
    • Work Smarter: 10 Firefox Extensions to Improve Efficiency
    • Microsoft Gets Busy Rolling Out Office 2010 , Windows InTune, Fix It
    • Saving Money – As Easy As Choosing Your Font
    • More Hardware Investment Means More IT Spending
    • McAfee Glitch Shutting Down Corporate Computers Worldwide
    • Passwords and Privacy : 3 Tips to Better Manage Your Private Content
    • Using Analytics Efficiently – 5 Ways to Improve Employee Production
    • Gmail vs. Exchange – Will Cloud Services Cut Costs?
    • Optimizing LinkedIn: Features & Opportunities for Your Small Business
  • March (22)
    • Mac Continues to Invade Enterprise
    • The Internet Browser Revolution
    • Enterprise Wants a Piece of Windows 7 Growth
    • Search Engine Giant Google Fails its Own Test, Offers its SEO Pointers
    • Excited About Windows Phone 7? More Details Coming Soon
    • While Office 2010 Gets a Launch Date, Google has its Sights on Enterprise with Chrome OS
    • Beware: Counterfeit Intel Processors
    • Technology Adjusting to Success of Small-to-Midsize Businesses
    • Patch Tuesday: Slow, But Still Very Important
    • Will Bing Turn into a Significant Search Engine?
    • Celebrating 25 Years of Dot Com Has its Drawbacks
    • IE9 Now Available for Test Drive
    • Businesses Begin the Windows 7 Migration
    • National Broadband Plan – How Will It Affect Small Business?
    • Attention SMBs: Microsoft Makes Windows 7’s XP Mode Available Without Virtualization
    • Chicago Avoids the Top 10 Riskiest Online Cities
    • Is Ubuntu’s Lucid Lynx Concentrating on Aesthetic or Functionality?
    • New Office Communications Server for Microsoft around the Corner
    • Hungry Hungry Hackers Conquer IE8 on Windows 7 (Among Other Feats)
    • Most Dangerous Search Terms According to McAfee
    • Microsoft and Apple Releasing Critical Updates
    • iPhone for Verizon – A Small Business Game Changer?
    • AMD, Intel Unleash New Processors, Look to Power Small Businesses
  • February (19)
    • Microsoft Azure Platform Opens to Public
    • Would It Benefit Your CIO to Blog?
    • Breaking Through the Condescending IT Image
    • Beware: Rogue iPhone Apps that Steal Data
    • On the Right Track: IE 8 World’s Most-Used Browser
    • The Dangers of Using a Public Wi-Fi Network
    • Build a Strong Brand alongside a Booming Business
    • TLS/SSL Flaw Found in Windows
    • Can Your Company Benefit from Google Buzz?
    • Windows Patch Tuesday Update Producing Blue Screen
    • Can IT Boost Your PowerPoint Creativity?
    • Firefox Poised to Penetrate IE Stronghold as Primary Enterprise Browser
    • Free Version of BlackBerry Enterprise Server Coming Soon
    • Adobe Issues Out-of-Band PDF Updates
    • Google Buzz May Be Black Hat SEO Haven
    • Microhoo is Official, but Don’t Expect Changes Quickly
    • Small Business Blogging: Benefits and Drawbacks
    • Social Media Thrives On Small Business Innovations
    • Adobe Releases Critical Security Update for Download Manager
    • WiMAX & LTE Networks Bringing VoIP into Big Picture
    • Creating a Smartphone Application – For Enterprise Use
    • Three Big Reasons to Take a Minute to Upgrade Your Browser
  • January (9)
    • Microsoft Announces Pricing for Office 2010
    • Keep an Eye Out for Microsoft Windows Patch this Tuesday
    • Microsoft Announces IE Security Hole Believed to be Involved in Google Attacks
    • FireFox 3.6 RC2 Released Sunday
    • Will 2010 Bring "Hybrid Clouds" ?
    • Microsoft Investigates Internet Explorer Flaw - Again
    • IT Spending to Increase in 2010
    • Why Your Social Media Image Matters – Especially for SEO/SEM
    • Windows Mobile 7 Demo to Appear Next Month
    • The iPad - How Will 'it' Affect IT?
    • To Enterprise or Not - Tech Analysts Split on iPad
    • Google Sets Sights on Enterprise Version of Nexus One
    • Beware: Latest Search Malware Threat – ‘Apple iPad’
• 2009
  • December (10)
    • Beware: Top Ten Riskiest Domains
    • Important Microsoft IE Security Update Coming Tuesday
    • Copenhagen Climate Talks Spawn Flurry of Positive Green Tech Activity
    • Microsoft Claims BitLocker Security Hole is Only Dangerous in “Highly Unlikely Situations”
    • Beware: Koobface.GK “Christmas Worm”
    • Last-Minute Holiday Gift Deals
    • Mozilla Releases Important Security Update for Firefox
    • Entrepreneurs: Internet Usage Still Somehow Continues to Climb
    • Nexus One ‘Google Phone’ Expected at January 5th Android Event
    • McAfee says Adobe Will be a Bigger Hacker Target than Microsoft in 2010
  • November (13)
    • Microsoft Opens World-Class Data Center on Chicago's Outskirts
    • Reminder: New Chicago Area Code to be Active on November 7
    • Latest T-Mobile Outage is Fixed
    • Windows 7 is More Secure, but You Still Need Antivirus
    • Attention eCommerce: Reliable Search can Aid Conversion Rates
    • Apple Releases Snow Leopard Update v10.6.2
    • Google Maps Launches Flu Shot Finder
    • Upgrading Obsolete Systems can Save Huge Amounts of Money, but Do Your Research First
    • Next Generation Collaborative Tools are Changing How We Interact
    • Let Switchfast Help with Holiday Shopping!
    • Verizon Doubles Early-Termination Fee for Smartphones
    • Beware: Dangerous iPhone Worm
    • Future of the Internet Browser: Speed is King
  • October (12)
    • Use Copyscape to Protect your Reputation with Google
    • Non-Profits: Upgrade to Windows 7 for free through TechSoup
    • Beware Keylogging: The Latest Phishing Fad
    • Beware "Chicago Marathon 2009 Results" Malware
    • Good SEO Takes Time, but the Results are Well Worth the Wait
    • Google’s Postini Outage Affects Many United States Users, Now Resolved
    • MicroStrategy Offers Free Business Intelligence Software
    • Windows 7 is Imminent, the Internet is Buzzing
    • Lifehacker posts Master List of Windows 7 Shortcuts
    • ICANN to bring non-English web addresses to the internet in 2010
    • Smartphone sales to surpass laptop sales by 2012
    • Free Software Scans Twitter Links for Malware
  • September (10)
    • Gmail Outage Blamed on a Capacity Calculation Error
    • SEO vs. Yellow Pages: Times are Changing
    • Exchange 2007 Support May be Snow Leopard’s Killer Feature
    • eMarketer: SMBs Prefer Digital Media Over Traditional Media
    • Workplace Computers: To Lockdown or Not to Lockdown?
    • Non-Profits Gain Free Revenue through GoodSearch
    • SANS Institute: Unpatched Software is Top Security Risk Worldwide
    • IE Now with HTML5 Compatibility, Thanks to Google
    • Microsoft CEO Steve Ballmer on the "New Normal"
    • Microsoft Offers Free AntiVirus Software
  • August (10)
    • Microsoft Office 2010: What We Know So Far
    • XP Mode: Killer App for Windows 7 Enterprise Adoption?
    • Google, Apple release helpful software updates
    • Is Google’s “Caffeine” a game-changer for SEO?
    • “Hot Content” like Erin Andrews Video Used as Bait for Malware
    • Non-Profits Should Look to Search Engines for Affordable Donor Generation
    • Windows Server 2008 R2 Released to Software Assurance Subscribers
    • Apple to Release Snow Leopard on Friday (8/28)
    • European ‘Cyber-gangs’ targeting small to medium-sized businesses
    • Snow Leopard Not as Secure as Advertised?
  • July (15)
    • Three easy habits to keep your system up and running
    • Be careful what you tweet!
    • Workaround for Microsoft ActiveX Security Vulnerability for IE6 and IE7
    • As a source of customers, the internet has become impossible to ignore
    • Microsoft to release security patches for DirectX/ActiveX on Tuesday (7/14)
    • Microsoft to release Windows 7 to Businesses on September 1st
    • Non-Profits can gain a major edge using a CMS
    • Why you need to be archiving your email right now
    • Google’s Q2 revenue tells us where opportunity lies
    • Service Pack 2 to be released for Office 2008 for Macintosh today
    • Thanks to everyone who stopped by the Switchfast booth at the City of Chicago Treasurer’s Small Business Expo!
    • How to use social media to bring business on no budget
    • Why every organization should utilize an electronic document management tool
    • Microhoo: Microsoft and Yahoo finally agree on a search partnership
    • Beware Rogueware: Fake security software that is becoming big business
  • June (14)
    • Beware: Gumblar virus
    • Spam can be more than just annoying
    • Can Microsoft’s Bing threaten Google's dynasty?
    • Non-Profits should take advantage of free/cheap technology to stay competitive and relevant
    • Green technology isn’t going anywhere but up
    • Rapid growth in mobile technology is changing the face of business
    • High tech lighting can save up to 40%
    • Clearwire to launch 4G WiMax in Chicago this summer
    • A close look reveals unique pricing opportunities for MS Office
    • Windows 7 just around the corner, presale details leaked
    • Nortel sells wireless business, further signals change in telecom landscape
    • Economic downturn has been catalyst for SMB adoption of managed services
    • Another "No Backup" Horror Story
    • Cisco claims big internal savings through telecommuting
  • May (13)
    • Microsoft says that IT is "firmly entrenched as a strategic asset" among small to medium businesses
    • Uncontrollable environmental conditions make the ability to work remotely a powerful tool
    • Plane crash victim escapes with his life and his critical data
    • Sometimes small changes make a big difference
    • Aging hardware can be much costlier to keep than to replace
    • SF Giants: Low maintenance costs and an able feature set prove to be big cost-savers with new VoIP system
    • Quick fix for Internet Explorer 8 crashing with faulting module urlmon.dll
    • Beware Unreliable and Inefficient Data Security Solutions
    • Recent influx of Phishing scams demands caution from internet users
    • Agile Software Development divides big projects into manageable, budget-friendly chunks
    • Lower-priced Windows 7 licenses for netbooks will have maximum spec limit
    • Google: "The Web has won"
    • Good economic news means now is the time to make changes
  • April (3)
    • Instead of Sacrificing Your Assets, Streamline Them
    • Mac Users Should be Aware that Security Threats are Growing
    • Big Microsoft discounts available through May
  • March (1)
    • Going Green Means Saving Green ($$$)