TLS protocol session renegotiation fix Server 2008 R2

  • Saturday, September 22, 2012 3:03 PM
     
     

    After a security scan I can't fix the 'TLS Protocol Session Renegotiation Security Vulnerability' on Windows Server 2008 R2 to make us PCI compliant. The link given is to a dead page, and after trawling through many pages I can't find a patch for my server's OS. Am I being extremely thick or just going in the wrong direction? If so, can someone help? Desperately need to get this fixed. (Details of the problem below.)

    Thanks in advance.

    Sam

    Title: TLS Protocol Session Renegotiation Security Vulnerability
    Impact: The vulnerability allows man-in-the-middle attack.
    Resolution: For OpenSSL, [http://www.openssl.org/source/] upgrade to 0.9.8l or higher. For Microsoft IIS web servers, install the appropriate patch available through [http://technet.microsoft.com/en-us/security/bulletin/MS10-049] Microsoft Security Bulletin 10-049. For other types of products, consult the product documentation.
    Risk Factor: Medium/ CVSS2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
    CVE: CVE-2009-3555
    BID: 36935

All Replies