https://live.paloaltonetworks.com/t5/general-topics/microsoft-windows-schannel-malformed-certificate-request-remote/m-p/36824#M27059 <HTML><HEAD></HEAD><BODY><P>Hi.</P><P></P><P>Can anyone provide insight into the threat signature for MS10-049?&nbsp;&nbsp; What it triggers on, etc.?&nbsp; I have seen this triggered by Goggle domain IP sources that produce certificate errors.</P><P></P><P>Thanks,</P><P>Monica</P></BODY></HTML> Wed, 28 Aug 2013 22:10:51 GMT MLaden 2013-08-28T22:10:51Z https://live.paloaltonetworks.com/t5/general-topics/microsoft-windows-schannel-malformed-certificate-request-remote/m-p/36824#M27059 <HTML><HEAD></HEAD><BODY><P>Hi.</P><P></P><P>Can anyone provide insight into the threat signature for MS10-049?&nbsp;&nbsp; What it triggers on, etc.?&nbsp; I have seen this triggered by Goggle domain IP sources that produce certificate errors.</P><P></P><P>Thanks,</P><P>Monica</P></BODY></HTML> Wed, 28 Aug 2013 22:10:51 GMT https://live.paloaltonetworks.com/t5/general-topics/microsoft-windows-schannel-malformed-certificate-request-remote/m-p/36824#M27059 MLaden 2013-08-28T22:10:51Z https://live.paloaltonetworks.com/t5/general-topics/microsoft-windows-schannel-malformed-certificate-request-remote/m-p/36825#M27060 <HTML><HEAD></HEAD><BODY><P>We are seeing the same thing for awhile now as well.&nbsp; It looks to be something with users accessing GMAIL.</P></BODY></HTML> Thu, 26 Sep 2013 19:02:20 GMT https://live.paloaltonetworks.com/t5/general-topics/microsoft-windows-schannel-malformed-certificate-request-remote/m-p/36825#M27060 mmorfoot 2013-09-26T19:02:20Z https://live.paloaltonetworks.com/t5/general-topics/microsoft-windows-schannel-malformed-certificate-request-remote/m-p/36826#M27061 <HTML><HEAD></HEAD><BODY><P>Hello Monica,</P><P></P><P><SPAN style="color: #3b3b3b; font-family: 'Helvetica Neue', Helvetica, Arial, 'Lucida Grande', sans-serif;"> MS10-049 :</SPAN></P><P>There is a remote code execution vulnerability in Microsoft Windows SChannel when it validates a certificate request message sent by the server on a client. An attacker could host a specially crafted Web site that is designed to exploit these vulnerabilities through an Internet Web browser and then convince a user to view the Web site.</P><P></P><P>More information on it can be found at:</P><P><A href="http://technet.microsoft.com/en-us/security/bulletin/MS10-049" title="http://technet.microsoft.com/en-us/security/bulletin/MS10-049">Microsoft Security Bulletin MS10-049 - Critical : Vulnerabilities in SChannel could allow Remote Code Execution (980436)</A></P><P></P><P>Also, its known by CVE - 2010-2566. More information on that can be found at : <A href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2566" title="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2566">CVE -CVE-2010-2566</A></P><P></P><P>Our threat database does cover the signature by threat ID: 33372</P><P></P><P>Hope that is the information you were looking for.</P><P></P><P></P><P></P><P>Regards,</P><P>Kunal Adak</P></BODY></HTML> Thu, 26 Sep 2013 21:32:37 GMT https://live.paloaltonetworks.com/t5/general-topics/microsoft-windows-schannel-malformed-certificate-request-remote/m-p/36826#M27061 kadak 2013-09-26T21:32:37Z https://live.paloaltonetworks.com/t5/general-topics/microsoft-windows-schannel-malformed-certificate-request-remote/m-p/36827#M27062 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>Is there any recommendation by Palo Alto?</P><P>I mean if is there any way to tackle this in our palo alto firewall?</P><P></P><P>Regards,:smileyinfo:</P></BODY></HTML> Wed, 29 Oct 2014 17:29:07 GMT https://live.paloaltonetworks.com/t5/general-topics/microsoft-windows-schannel-malformed-certificate-request-remote/m-p/36827#M27062 SOC_CSG 2014-10-29T17:29:07Z