Hello. Today we released Security Advisory 2588513, addressing an information-disclosure issue in SSL (Secure Sockets Layer) 3.0 and TLS (Transport Layer Security) 1.0 to provide guidance for customers. This is an industry-wide issue with limited impact that affects the Internet ecosystem as a whole rather than any specific platform. Our Advisory addresses the issue via the Windows operating system.
We are not aware of a way to exploit this issue in other protocols or components, and we have no reports of exploitation in the wild at this time; our investigation continues, but our research so far indicates that customers are at minimal risk. To successfully exploit this issue, the would-be attacker must meet several conditions:
