Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
Published: October 14, 2014 | Updated: October 15, 2014
Version: 1.1
CVE-ID: CVE-2014-3566
General Information
Executive Summary
Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0. This is an industry-wide vulnerability affecting the SSL 3.0 protocol itself and is not specific to the Windows operating system. All supported versions of Microsoft Windows implement this protocol and are affected by this vulnerability. Microsoft is not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Mitigating Factors:
The attacker must make several hundred HTTPS requests before the attack could be successful.
TLS 1.0, TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
Include Workaround to disable SSL 3.0.
Disable SSL 3.0 and enable TLS 1.0, TLS 1.1, and TLS 1.2 in Internet Explorer & Windows
Note After applying this workaround, Internet Explorer will fail to connect to Web servers that only support SSL up to 3.0 and don’t support TLS 1.0, TLS 1.1, and TLS 1.2.
SOURCE
My Computer
At a glance
Windows 7 Professional SP1 - x64 [Non-UEFI Boot]Ivy Bridge Core i5 3570K (Delidded)G.Skill "Ares" DDR3 PC3-12800 - 1600MHz (16Gb)Asus Dual-RX480-O4G
- Computer type
- PC/Desktop
- Computer Manufacturer/Model Number
- Custom Build
- OS
- Windows 7 Professional SP1 - x64 [Non-UEFI Boot]
- CPU
- Ivy Bridge Core i5 3570K (Delidded)
- Motherboard
- Asus P8Z77-V LE PLUS
- Memory
- G.Skill "Ares" DDR3 PC3-12800 - 1600MHz (16Gb)
- Graphics Card(s)
- Asus Dual-RX480-O4G
- Sound Card
- Creative Sound Blaster Z w/5.1 sound system
- Monitor(s) Displays
- Asus IPS 23"
- Screen Resolution
- 16/9
- Hard Drives
- Internal:
500Go Sata 6Gb/s (x2)
500Go Sata 3Gb/s (x2)
SSD 60Go Sata 6Gb/s
- PSU
- In Win C 900W Series 80+ Platinum
- Case
- Thermaltake Chaser A71
- Cooling
- Custom Water Cooling Loop
- Keyboard
- Cooler Master QuickFire XTi
- Mouse
- Razer Imperator 2012 (4G)
- Antivirus
- MSE
- Browser
- IE 11.0.xxx Rtm
- Other Info
- "Raid0" with Intel Smart Response Technology (HDD/SSD)










