CVE-2015-2434

Name of the Vulnerable Software and Affected Versions Microsoft XML Core Services versions 3.0 and 5.0

Description The issue allows remote attackers to defeat cryptographic protection mechanisms by sniffing the network and conducting a decryption attack. This is due to Microsoft XML Core Services explicitly allowing the use of Secure Sockets Layer (SSL) 2.0, which makes it easier for attackers to decrypt portions of encrypted network information traffic.

Recommendations For Microsoft XML Core Services versions 3.0 and 5.0, consider disabling the use of SSL 2.0 to minimize the risk of exploitation. As a temporary workaround, restrict the use of MSXML to minimize the risk of information disclosure until a patch is available.