Saturday, September 22, 2012 3:03 PM
After a security scan I can't fixthe 'TLS Protocol Session Renegotiation Security Vulnerability' on Windows Server 2008 R2 to make us PCI compliant. The link given is to a dead page and after trawling through many pages I can't find a patch for my server's OS. Am I being extremely thick or just going in the wrong direction. If so can someone help. desperately need to get this fixed. (details of the pproblem below)
Thanks in advance.
Title: TLS Protocol Session Renegotiation Security Vulnerability Impact: The vulnerability allows man-in-the-middle attack. Resolution: For OpenSSL, [http://www.openssl.org/source/] upgrade to 0.9.8l or higher. For Microsoft IIS web servers, install the appropriate patch available through [http://technet.microsoft.com/en- us/security/bulletin/MS10-049] Microsoft Security Bulletin 10-049. For other types of products, consult the product documentation. Risk Factor: Medium/ CVSS2 Base Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P) CVE: CVE-2009-3555 BID: 36935
Sunday, September 23, 2012 4:48 AM
may you want check out this http://support.microsoft.com/kb/977377.
Please read carefully the notes about how this fix will affect certain functionality.
- Marked As Answer by K_evin ZhuMicrosoft Contingent Staff, Moderator Friday, September 28, 2012 2:05 AM