CVE-2015-1637
First published: Fri Mar 06 2015(Updated: )
Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly restrict TLS state transitions, which makes it easier for remote attackers to conduct cipher-downgrade attacks to EXPORT_RSA ciphers via crafted TLS traffic, related to the "FREAK" issue, a different vulnerability than CVE-2015-0204 and CVE-2015-1067.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows 8.0 | ||
| Microsoft Windows 8.1 | ||
| Microsoft Windows RT | ||
| Microsoft Windows RT | ||
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =sp2 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | =r2-sp1 | |
| Microsoft Windows Server | ||
| Microsoft Windows Server | =r2 | |
| Microsoft Windows Vista | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://web.archive.org/web/20150321220028/https://freakattack.com/
- http://www.securityfocus.com/bid/72965
- http://www.securitytracker.com/id/1031833
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-031
- https://freakattack.com/
- https://technet.microsoft.com/library/security/3046015
Frequently Asked Questions
What is the severity of CVE-2015-1637?
CVE-2015-1637 has a severity rating of critical due to the potential for remote code execution.
How do I fix CVE-2015-1637?
To fix CVE-2015-1637, apply the latest Windows security updates provided by Microsoft.
What systems are affected by CVE-2015-1637?
CVE-2015-1637 affects multiple versions of Microsoft Windows, including Windows 7, Windows 8, Windows 8.1, and various Windows Server editions.
What type of vulnerability is CVE-2015-1637?
CVE-2015-1637 is a vulnerability in the Schannel security package that improperly restricts TLS state transitions.
Can CVE-2015-1637 lead to data breaches?
Yes, CVE-2015-1637 can lead to data breaches as it allows attackers to exploit the vulnerability for remote code execution.
- agent/references
- agent/type
- agent/remedy
- agent/weakness
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- canonical/microsoft windows 8.0
- canonical/microsoft windows 8.1
- canonical/microsoft windows rt
- canonical/microsoft windows server
- version/microsoft windows server/sp2
- version/microsoft windows server/r2-sp1
- version/microsoft windows server/r2
- canonical/microsoft windows vista
- version/microsoft windows vista/sp2