Submission + - Microsoft Patches BEAST SSL Flaw in Windows (threatpost.com)
The vulnerability that is fixed by the patch in MS12-006 actually lies in the SSL 3.0/TLS 1.0 protocol. The attack that Rizzo and Duong developed and released in September enables them to decrypt users' SSL sessions on the fly and hijack them, including sessions with online banking sites and other sensitive sites. The bug has been known for a long time, but it wasn't until last year that a practical exploitation of it surfaced.