Release date:
Updated on:
Affected Systems:
Microsoft Windows Phone 8
Microsoft Windows phones 7.8
Description:
--------------------------------------------------------------------------------
Bugtraq id: 61592
Microsoft Windows Phone is a series of mobile device operating systems developed by Microsoft.
Windows Phone 8, Windows Phone 7.8 has a security vulnerability in the PEAP-MS-CHAPv2 for WPA2 Wireless authentication, which attackers can exploit to obtain sensitive information about the target device. To exploit this vulnerability, the system controlled by the attacker must act as a known Wi-Fi access point so that the target device can automatically perform authentication with the access point, attackers can then intercept the victim's encrypted domain certificate and use vulnerabilities in the PEAP-MS-CHAPv2 protocol to obtain network resources.
<* Source: Microsoft
Link: http://technet.microsoft.com/en-us/security/advisory/2876146
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Microsoft
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://technet.microsoft.com/security/bulletin/