POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt cipher-text using a padding oracle side-channel attack.
SMSMSE does not need SSLv3.0 to run correctly. In normal operations SMSMSE does not use SSLv3.0.
In order to be certain that it can’t be used for any exploit of this vulnerability, disable SSLv3.0 either on Internet Explorer (SMSMSE Console) or on IIS (SMSMSE server) or both where HTTPS connections have been enabled.
For more information refer to the following KB from
Microsoft further recommends disabling SSLv3.0 on other Windows server and browser components to avoid any risk of POODLE-related attacks. See https://technet.microsoft.com/en-us/library/security/3009008.aspx for more information. Care should be taken as this may cause problems with some legacy applications that require SSLv3.0, but this is not the case with SMSMSE.
Imported Document ID: TECH225813
Subscribing will provide email updates when this Article is updated. Login is required.