aspdaddy - 1:58 pm on May 1, 2012 (gmt 0)
From my host:
It's an attack that has been documented on some level for about ten years. The fix on that site does not appear to work as advertised, or the scanner is not detecting things properly, as even when applied it does not say the vulnerability is solved.
Yes its been around since about 1999, andthe fix does not work as advertised on the article.
To fix, SSL needs to be be upgraded to TLS 1.1 or TLS 1.2 (largely unsupported) and then apply MS12-006 if using Windows. But as the client and server need pathching there is no real fix!