To exploit this vulnerability, an attacker must intercept an SSL/TLS session, possibly by performing a man-in-the-middle attack against the targeted system. This requirement decreases the likelihood of a successful exploit.
Microsoft has corrected this vulnerability by modifying the way the Windows SSL provider component handles encrypted network packets.
The Cisco Applied Intelligence team has created an Applied Mitigation Bulletin to address vulnerabilities that Microsoft disclosed in the January 2013 security bulletin release. This Cisco bulletin, which assists administrators in identifying or mitigating these vulnerabilities using Cisco devices, is available at the following link: Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin Release for January 2013