Endpoint Vulnerability

Microsoft Windows Transport Layer Security Denial of Service Vulnerability

Description

A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, a remote unauthenticated attacker could send a specially crafted request to a target system utilizing TLS 1.2 or lower, triggering the system to automatically reboot. The update addresses the vulnerability by changing the way TLS key exchange messages are validated.

Affected Products

Windows 10,Windows Server, version 1903 (Server Core installation),Windows Server, version 1803 (Server Core Installation),Windows Server, version 1909 (Server Core installation),Windows Server 2019

References

CVE-2020-1118,