Perhaps the most commonly known vulnerability of the year was the Heartbleed bug which exploited SSL’s in browsers everywhere. Microsoft may have a similar issue on their hands and has released a patch through Windows Update. This update is extremely critical for anyone using Windows and should be updated as soon as possible.
According to the US Computer Emergency Readiness Team (CERT) Knowledgebase, Microsoft Secure Channel (Schannel) is a security package that provides SSL and TLS on Microsoft Windows platforms. Because of a weakness in Schannel (CVE-2014-6321), a remote attacker could execute code on both client and server applications. Supported operating systems affected by this vulnerability include:
• Windows Server 2003/2008/2012
• Windows Vista
• Windows 7
• Windows 8
• Windows 8.1
• Windows RT
In order to combat this exploit, Microsoft has released a patch which contains fixes for security flaws Microsoft engineers have identified.
Microsoft has kept a tight lid on the issue to keep the public safe from anymore attacks, but did say the bug could allow a remote code execution if an intruder sends unique packets to a Windows server. This means an attacker may be able to execute whatever code they want through remote access and without an authorized account.
For more information and instructions on how to obtain this patch, visit Microsoft’s vulnerability page by clicking here. If you are having trouble updating your system contact RedOrum for assistance to keep your computer safe.