|Patch Name :
|Patch Description :
||Security Update for Windows XP (KB935840)
|Bulletin Id :
|Bulletin Title :
||Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
|Location Path :||WindowsXP-KB935840-x86-ENU.exe|
||This critical security update resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. The Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS. However, attempts to exploit this vulnerability would most likely result in the Internet Web browser or application exiting. The system would not be able to connect to Web sites or resources using SSL or TLS until a restart of the system.
This is a critical security update for supported editions of Windows XP, important for editions of Windows 2003, and moderate for editions of Windows 2000. This security update addresses the vulnerability by modifying the way that the client parses server-key exchange data sent from the server.
A remote code execution vulnerability exists in the way that Windows Schannel on a client machine validates server-sent digital signatures. An attacker could host a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser and then convince a user to view the Web site. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attackers Web site.
|Superceding Bulletin Id :
|Patch Release Date :
||Jun 12, 2007
|CVE Id :||CVE-2007-2218
|Affected Product Information
||Service Pack Name
|Windows XP Professional||Windows XP Service Pack 2|
|File changes || |
|Registry changes || |
|Registry Path||Key Name||Key Value|