TLS Vulnerability in Microsoft Windows Terminal Server
CVE-2007-2593

Currently unrated

Key Information:

Vendor: Microsoft
Status: Terminal Server
Vendor: CVE Published:; 11 May 2007

What is CVE-2007-2593?

The Terminal Server component of Microsoft Windows 2003 Server has a significant vulnerability that allows remote attackers to bypass SSL and self-signed certificate requirements when using TLS. This weakness potentially enables attackers to downgrade server security mechanisms, risking exposure to man-in-the-middle attacks through various unspecified methods. The issue was particularly highlighted in relation to the Remote Desktop Protocol (RDP) 6.0 client. It has been suggested by third-party sources that fixes for this vulnerability may have been implemented around 2006.

References

http://www.securityfocus.com/archive/1/468049/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/468057/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/468203/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 11, 2007
Vulnerability Reserved
May 10, 2007