Microsoft Windows Transport Layer Security CVE-2020-1118 Denial of Service Vulnerability
Description
A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. To exploit this vulnerability, a remote unauthenticated attacker could send a specially crafted request to a target system utilizing TLS 1.2 or lower, triggering the system to automatically reboot. The update addresses the vulnerability by changing the way TLS key exchange messages are validated.
Affected Applications
Windows 10
Windows Server version 1903 (Server Core installation)
Windows Server version 1803 (Server Core Installation)
Windows Server version 1909 (Server Core installation)
Windows Server 2019