According to the US Computer Emergency Readiness Team (CERT) Knowledgebase, Microsoft Secure Channel (Schannel) is a security package that provides SSL and TLS on Microsoft Windows platforms. Because of a weakness in Schannel (CVE-2014-6321), a remote attacker could execute code on both client and server applications.
Supported operating systems affected by this vulnerability include:
? Windows Server 2003/2008/2012
? Windows Vista
? Windows 7
? Windows 8
? Windows 8.1
? Windows RT
In order to combat this exploit, Microsoft has released a patch which contains fixes for security flaws Microsoft engineers have identified. Microsoft has kept a tight lid on the issue to keep the public safe from anymore attacks, but did say the bug could allow a remote code execution if an intruder sends unique packets to a Windows server. This means an attacker may be able to execute whatever code they want through remote access and without an authorized account. For more information and instructions on how to obtain this patch, visit Microsoft?s vulnerability page by clicking here.
Tuesday, November 18, 2014
