Patch Tuesday: Massive vulnerability in Schannel could allow remote code execution
Posted by: Jon Ben-Mayor on 11/11/2014 05:22 PM
[
Comments
]
If you happen to use Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8/8.1, Windows Server 2012/2012 R2, or Windows RT/RT 8.1 - you will want to pay attention to today's security bulletin and download the patch ASAP....
This security update resolves a privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server.
A remote code execution vulnerability exists in the Secure Channel (Schannel) security package due to the improper processing of specially crafted packets. Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. The update addresses the vulnerability by correcting how Schannel sanitizes specially crafted packets.
Microsoft has not identified any workarounds or mitigating factors for this vulnerability.
This security update is rated Critical for all supported releases of Microsoft Windows.
You can get the patch using either Windows Update or head over to Microsoft's Support site here and download the patch.
Source: Gizmodo
This security update resolves a privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server.A remote code execution vulnerability exists in the Secure Channel (Schannel) security package due to the improper processing of specially crafted packets. Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. The update addresses the vulnerability by correcting how Schannel sanitizes specially crafted packets.
Microsoft has not identified any workarounds or mitigating factors for this vulnerability.
This security update is rated Critical for all supported releases of Microsoft Windows.
You can get the patch using either Windows Update or head over to Microsoft's Support site here and download the patch.
Source: Gizmodo
Comments
