Microsoft to Design Patch to Reduce SSL 3.0 and TLS 1.0 Protocol Vulnerabilities

Microsoft has announced it will soon release a patch to block a vulnerability in protocols that are used to secure communication between a website and a user's web browser.

The vulnerability, which exists in the SSL 3.0 and TLS 1.0 protocols, has been discussed for the past 10 years, but only recently have researchers discovered an exploit for it.

Two researchers have developed an exploit called BEAST, which stands for ‘Browser Exploit Against SSL/TLS’. The exploit, which has been published, can attack web browsers and steal the cookies that store personal user information such as user names and passwords.

Microsoft said in a blog post that it does not consider the exploit a high risk for customers.

“Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0 and TLS 1.0, affecting the Windows operating system. This vulnerability affects the protocol itself and is not specific to the Windows operating system,” the company said.

The company said it is reviewing implications of the flaw and will decide the course of action once it finishes its investigation. Microsoft said it might release an out-of-band update depending on customer need.