For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

windows xp validating identity network-67

Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability.

The following mitigating factors may be helpful in your situation: Workaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update.

It should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities.

To determine the support lifecycle for your software release, see Select a Product for Lifecycle Information.

The security update addresses the vulnerabilities by implementing RFC 5746 and additional validation on SSL responses returned by a server.

For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.A spoofing vulnerability exists in the TLS/SSL protocol, implemented in the Microsoft Windows SChannel authentication component.An attacker who successfully exploited this vulnerability would be able to introduce information on a TLS/SSL protected connection, effectively sending traffic spoofing the authenticated client.For more information on this installation option, see the Tech Net articles, Managing a Server Core Installation and Servicing a Server Core Installation.Note that the Server Core installation option does not apply to certain editions of Windows Server 2008 and Windows Server 2008 R2; see Compare Server Core Installation Options. Refer to the reference tables in the Security Update Deployment section for the location of the file information details.This security addresses a vulnerability previously discussed in Microsoft Security Advisory 977377.