Home / bulletins 3009008 - Vulnerability in SSL 3.0 Could Allow Information Disclosure - Version: 2.3
Posted on 17 February 2015
Revision Note: V2.3 (February 16, 2015): Revised advisory to announce the planned date for disabling SSL 3.0 by default in Internet Explorer 11.
Summary: Microsoft is aware of detailed information that has been published describing a new method to exploit a vulnerability in SSL 3.0. This is an industry-wide vulnerability affecting the SSL 3.0 protocol itself and is not specific to the Windows operating system. All supported versions of Microsoft Windows implement this protocol and are affected by this vulnerability. Microsoft is not aware of attacks that try to use the reported vulnerability at this time. Considering the attack scenario, this vulnerability is not considered high risk to customers.