Microsoft Secure Channel Denial of Service Vulnerability
( Microsoft Security Bulletin MS10-085, CVE-2010-3229 )
Summary
A vulnerability has been reported in the way that Microsoft's SChannel security package processes client certificates in Microsoft Windows. A remote attacker could leverage this issue to cause a server to stop responding, thereby creating a denial of service condition.
Details
SChannel is a security package that provides Secure Socket Layer (SSL) and Transport Layer Security (TLS) authentication protocol support in Microsoft Windows.
The vulnerability is caused by SChannel failing to check a logical condition before processing a protocol request during an SSL/TLS handshake. A remote attacker can exploit this issue by sending a specially crafted packet message to an affected Internet Information Services (IIS) server hosting an SSL/TLS-secured web site, which could cause the Local Security Authority Subsystem Service (LSASS) to stop responding and consequently result in a denial of service by the server.
Affected Products
- Windows Vista SP1 and SP2
- Windows Vista x64 Edition SP1 and SP2
- Windows Server 2008 for 32-bit Systems - original release and SP2
- Windows Server 2008 for x64-based Systems - original release and SP2
- Windows Server 2008 (Itanium) Windows - original release and SP2
- Windows Server 2008 R2 for x64-based Systems
- Windows Server 2008 R2 (Itanium)
- Windows 7 for 32-bit Systems and x64-based Systems
Solution
Check Point IPS-1, IPS Software Blade and NGX SmartDefense provide immediate network protection in the latest IPS update by detecting and blocking malformed messages sent to a server that attempt to exploit this vulnerability. For more information, see CPAI-2010-279.
Originally Published:
Last Updated: 15-Oct-2010