CVE-2019-1318

Name of the Vulnerable Software and Affected Versions Windows versions prior to the fixed version

Description The issue is related to a Transport Layer Security (TLS) protocol implementation flaw in Windows operating systems, specifically concerning session fixation weaknesses. This can be exploited by a remote attacker to gain unauthorized access to protected information by connecting to a peer node. The vulnerability allows for spoofing when TLS accesses non-Extended Master Secret (EMS) sessions.

Recommendations For Windows versions prior to the fixed version, apply the necessary security updates to resolve the issue. As a temporary workaround, consider restricting access to TLS sessions to minimize the risk of exploitation. Avoid using non-Extended Master Secret (EMS) sessions in TLS until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.