UpdatesDescription: This security update resolves a privately reported vulnerability in the Secure Channel (SChannel) security package in Windows. The vulnerability could allow spoofing if an attacker gains access to the certificate used by the end user for authentication. Customers are only affected when the public key component of the certificate used for authentication has been obtained by the attacker through other means. The security update addresses the vulnerability by modifying the way that the server parses key exchange data during the TLS handshake.

Update type: Important

Release date: March 10, 2009

Applies to: All

Knowledge base: http://support.microsoft.com/kb/960225

Download link: 32-bit | 64-bit

Comments: Here are the specifics on the vulnerabilities covered by this update:

One Reply to “KB960225”

Leave a Reply