Kenichiro Katayama

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 Microsoft Windows Server 2008 R2 Microsoft Windows Server 2008 R2 SP1 Microsoft Windows 7 Gold Microsoft Windows 7 SP1 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows RT **Description** A security feature bypass issue exists in the way Microsoft Windows handles SSLv3 and TLS protocols, allowing man-in-the-middle attackers to conduct SSLv2 downgrade attacks against SSLv3 or TLS sessions by intercepting handshakes and injecting specially crafted content. **Recommendations** For Microsoft Windows Vista SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 SP2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 R2, update to a newer version to mitigate the risk. For Microsoft Windows Server 2008 R2 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 7 Gold, update to a newer version to mitigate the risk. For Microsoft Windows 7 SP1, update to a newer version to mitigate the risk. For Microsoft Windows 8, update to a newer version to mitigate the risk. For Microsoft Windows Server 2012, update to a newer version to mitigate the risk. For Microsoft Windows RT, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of SSLv3 protocol until a patch is available.