Patching or upgrading is necessary to remedy a security vulnerability in OpenSSL running on Microsoft Windows. Version 0.9.6 has a bug that could allow denial of service.
OpenSSL is an open-source implementation of the TLS (Transport Layer Security) and SSL (Secure Sockets Layer) protocols, used to secure a variety of Internet protocols, including Web and e-mail applications. OpenSSL uses ASN.1 (Abstract Syntax Notation One) objects as part of the protocol exchange. The vulnerability allows certain ASN.1 sequences to trigger deep recursion, which Windows doesn't handle properly. A remote attacker can send a specially crafted client certificate to a server and crash OpenSSL, causing a denial of service.
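The general defence against this class of bug is to bound nesting depth before recursing into a constructed ASN.1 element. The following is an added example, not OpenSSL's code: `MAX_DEPTH`, `der_check_depth` and `build_nested` are names and values assumed for illustration, and the walker handles only single-byte (low-tag-number) DER tags.

```c
#include <stdint.h>
#include <stdio.h>
#define MAX_DEPTH 32 /* assumed nesting limit for this example */

/* Parse one DER tag+length header at buf[*pos]; 0 on success, -1 if malformed. */
static int read_header(const uint8_t *buf, size_t len, size_t *pos, uint8_t *tag, size_t *clen) {
    if (len - *pos < 2) return -1;
    *tag = buf[(*pos)++];
    uint8_t b = buf[(*pos)++];
    *clen = b;                            /* short form: length is the octet itself */
    if (b & 0x80) {                       /* long form: b & 0x7f length octets follow */
        size_t n = b & 0x7f;
        if (n == 0 || n > sizeof(size_t) || n > len - *pos) return -1;
        for (*clen = 0; n > 0; n--) *clen = (*clen << 8) | buf[(*pos)++];
    }
    return *clen <= len - *pos ? 0 : -1;  /* contents must fit in the buffer */
}

/* Walk all TLVs in buf; returns deepest nesting, -1 if malformed, -2 if too deep. */
static int walk(const uint8_t *buf, size_t len, int depth) {
    size_t pos = 0;
    int deepest = depth;
    while (pos < len) {
        uint8_t tag; size_t clen;
        if (read_header(buf, len, &pos, &tag, &clen) != 0) return -1;
        if (tag & 0x20) {                 /* constructed: contents are nested TLVs */
            if (depth + 1 > MAX_DEPTH) return -2;  /* refuse before recursing */
            int d = walk(buf + pos, clen, depth + 1);
            if (d < 0) return d;
            if (d > deepest) deepest = d;
        }
        pos += clen;
    }
    return deepest;
}

int der_check_depth(const uint8_t *der, size_t len) { return walk(der, len, 0); }

/* Constructed sample input: n nested empty SEQUENCEs (short-form lengths, n <= 64). */
size_t build_nested(uint8_t *out, int n) {
    for (int i = 0; i < n; i++) { out[2*i] = 0x30; out[2*i + 1] = (uint8_t)(2 * (n - 1 - i)); }
    return (size_t)(2 * n);
}

int main(void) {
    uint8_t buf[128];
    printf("nesting 3  -> %d\n", der_check_depth(buf, build_nested(buf, 3)));
    printf("nesting 33 -> %d\n", der_check_depth(buf, build_nested(buf, 33)));
    return 0;
}
```

Because the limit is checked before the recursive call, stack use is bounded by `MAX_DEPTH` frames regardless of what the peer sends.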