Vulnerability in SChannel Could Allow Spoofing
Description: This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. Customers are only affected when the public key component of the certificate used for authentication has been obtained by the attacker through other means. The security update addresses the vulnerability by modifying the way that the server parses key exchange data during the TLS handshake.
Update type: Important
Release date: March 10, 2009
Applies to: All
Knowledge base: http://support.microsoft.com/kb/960225
Comments: Here are the specifics on the vulnerabilities covered by this update:
- SChannel Spoofing Vulnerability – CVE-2009-0085
For more information on this issue, including potential causes, workarounds, and resolutions, see: Microsoft KB Article KB960225.