Microsoft posts critical patch for huge Windows vulnerability

[mercurial]

Microsoft posts critical patch for huge Windows vulnerability that affects all modern machines

Remember Heartbleed? You know, the exploit in SSL that was so bad it got its own brand? Microsoft may have an issue of similar scale on its hands with a critical patch issued via Windows Update today.

The patch in question is MS14-066, or otherwise known as the cryptically named “Vulnerability in Schannel Could Allow Remote Code Execution,” which affects Windows Server 2003/2008/2012, Vista, 7, 8, 8.1 and Windows RT.

Microsoft gives few details about the exploit, other than saying that the bug would “allow remote code execution if an attacker sends specially crafted packets to a Windows server.”

In other words, if an attacker modified packets in a particular way and attacked your machine, they may be able to execute whatever code they like remotely without an authorized an account. The attack appears to only affect those running a server on affected platforms.

This is particularly bad as the hole itself is in the Schannel library, which is the layer that handles encryption and authentication in Windows, particularly for HTTP applications.

The bad news? It affects everything running a modern version of Windows, meaning businesses will need to patch a lot of machines as soon as possible. Microsoft also says that there is no workaround or ways to mitigate the attack, other than via a patch.

The good news is that Microsoft says there is no evidence this bug has been exploited in the wild and there’s a patch out right now on Windows Update. Server admins, start your Windows Update….

➤ MS14-066 (Microsoft TechNet)

 

[ToxicBunny]

MutherTRUCKER!

 

[HDS]

Thanks for the heads up.

 

[Arthur]

Thanks. From the phone just remotely updated all my systems using Pulseway.

 

[reactor_sa]

My machines all have auto update enabled. They will updated this evening. No issue, these things happen all the time, it's only a matter of time until someone discovers them.

 

[TelkomUseless]

My machines all have auto update enabled. They will updated this evening. No issue, these things happen all the time, it's only a matter of time until someone discovers them.

this.

 

[w1z4rd]

Theres about one of these a month with windows. And there is nothing cryptic about the word, "vulnerability" . So basically a normal patch Tuesday then.

 

[Rickster]

What's the KB code?

 

[Elax]

https://support.microsoft.com/kb/2992611

 

[TelkomUseless]

meaning businesses will need to patch a lot of machines as soon as possible.

so what have businesses done this far? What is different? Machines gets updates all the time

 

[reactor_sa]

Only people crying are the ones running manual updates

 

[Progenix Oj101]

MutherTRUCKER!

What?

Only people crying are the ones running manual updates

I do, otherwise Windows wants to restart all the time. Shutdowns once every two months = too often as is.

 

[gregmcc]

Move along...Just another patch day.

 

[kianm]

Move along...Just another patch day.

+1

 

[mercurial]

How does a Windows bug go undetected for 19 years?

 

[Compton_effect]

How does a Windows bug go undetected for 19 years?

It doesn't. Microsoft finally gets the go-ahead from the NSA and co to patch the bug they discovered years ago.
(Yeah, grab your tinfoil hat, but looking a the headlines of the past few months, tell me it can't happen.)