MS13-006: Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220)

medium Nessus Plugin ID 63424

Synopsis

The remote Windows host is affected by a security feature bypass vulnerability.

Description

The remote Windows host contains a flaw in the handling of SSL version 3 (SSLv3) and TLS (Transport Layer Security) protocols. An attacker can inject specially crafted content into an SSL/TLS session, which could allow an attacker to bypass security features of SSLv3 and TLS protocols in order to intercept communications.

Solution

Microsoft has released a set of patches for Windows Vista, 2008, 7, 2008 R2, 8, and 2012.

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2013/ms13-006

Plugin Details

Severity: Medium

ID: 63424

File Name: smb_nt_ms13-006.nasl

Version: 1.10

Type: local

Agent: windows

Published: 1/9/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.0

CVSS v2

Risk Factor: Medium

Base Score: 5.8

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/o:microsoft:windows

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 1/8/2013

Vulnerability Publication Date: 1/8/2013

Reference Information

CVE: CVE-2013-0013

BID: 57144

IAVB: 2013-B-0003

MSFT: MS13-006

MSKB: 2785220