Windows related Schannel vulnerability – since we are using HTTPS in many situations on Exchange Servers, I’m putting the information here as well.


 

 

The security update MS014-066 was released last Tuesday with the normal patch Tuesday releases and very little mention was made of it.

  

It addresses a vulnerability in Microsoft’s implementation of Secure Channel (SChannel) that is used to establish SSL connections.  If this vulnerability is exploited an attacker could run code remotely on servers and/or workstations that use the current SChannel algorithms. It can affect servers and clients as well, and the impact is the ability for remote code execution rather than just communication interception.

The good news is that the patch is available.  We highly recommend testing the patch and deploy it once tested as soon as possible.

So again, the patch is available and should be implemented as soon as possible.  The bad guys are already hard at work trying to reverse-engineer the patch (just as a comparison point, they only took 12 hours to figure-out and exploit Heartbleed)…

More information is available here:

https://technet.microsoft.com/library/security/MS14-066

http://arstechnica.com/security/2014/11/potentially-catastrophic-bug-bites-all-versions-of-windows-patch-now/

 

Pasting the FAQ from the TechNet link above for quick reference:

What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could run arbitrary code on a target server.

How could an attacker exploit the vulnerability?
An attacker could attempt to exploit this vulnerability by sending specially crafted packets to a Windows server.

What systems are primarily at risk from the vulnerability?
Server and workstation systems that are running an affected version of Schannel are primarily at risk.

 

Many thanks to Mike MacGillivray for putting together all the above information !


Comments (0)

Skip to main content