U.S. Flag Official website of the Department of Homeland Security
TLP:WHITE

SSL/TLS Protocol Vulnerability

Original release date: September 27, 2011 | Last revised: October 23, 2012

US-CERT is aware of a vulnerability affecting the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols. Exploitation of this vulnerability may allow an attacker to decrypt encrypted SSL/TLS traffic and obtain sensitive information.

Microsoft has released Security Advisory 2588513 to provide workarounds for this vulnerability in the Windows implementation of the SSL and TLS protocols.

US-CERT encourages Microsoft Windows users and administrators to review Microsoft Security Advisory 2588513 and implement the workarounds listed in the advisory to help mitigate the risks.

Because the SSL and TLS protocols may be used in a variety of products, users and administrators are encouraged to check with their software vendors for updated versions. US-CERT will provide updates as additional information becomes available. Additional information can be found in Vulnerability Note VU#864643.

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top