Threat Encyclopedia

Microsoft: TLS Information Disclosure Vulnerability


A information disclosure vulnerability exists when TLS components use weak hash algorithms. An attacker who successfully exploited this vulnerability could obtain information to further compromise a users's encrypted transmission channel. To exploit the vulnerability, an attacker would have to conduct a man-in-the-middle attack. The update addresses the vulnerability by correcting how TLS components use hash algorithms.

Affected Products

Windows RT 8.1
Windows Server version 2004 (Server Core installation)
Windows Server 2016
Windows Server version 1909 (Server Core installation)
Windows Server 2012
Windows 8
Windows Server 2008
Windows 10
Windows 7
Windows Server version 1903 (Server Core installation)
Windows Server 2019

CVE References