[BigFix-Announcements-Japan] BES Auto Notification: New Fixlets Published in Fixlet Site: 'Patches for Windows (Japanese)'

[autonotify at us.ibm.com]

Fixlet Site - 'Patches for Windows (Japanese)'
Current Version: 639	Published: Fri, 06 Mar 2015 19:42:52  GMT

New Fixlets:
============

***************************************************************
Title: 3046015: Security Advisory: Vulnerability in Schannel Could Allow Security Feature Bypass - Enable Workaround (Japanese)
Severity: N/A
Fixlet ID: 304601501
Fixlet Link: https://technet.microsoft.com/library/security/3046015

Fixlet Description: Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

***************************************************************
Title: 3046015: Security Advisory: Vulnerability in Schannel Could Allow Security Feature Bypass - Disable Workaround (Japanese)
Severity: N/A
Fixlet ID: 304601503
Fixlet Link: https://technet.microsoft.com/library/security/3046015

Fixlet Description: Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.