Home / bulletins MS07-031 — Critical: Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840) - Version:1.0
Posted on 27 June 2007
CriticalSeverity Rating: Critical - Revision Note: Bulletin published.Summary: This critical security update resolves a privately reported vulnerability in the Secure Channel (Schannel) security package in Windows. The Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page using an Internet Web browser or used an application that makes use of SSL/TLS. However, attempts to exploit this vulnerability would most likely result in the Internet Web browser or application exiting. The system would not be able to connect to Web sites or resources using SSL or TLS until a restart of the system.
