|
National Cyber Awareness System: 11/14/2014 10:32 AM EST
Original release date: November 14, 2014
Systems Affected
Microsoft Windows XP and 2000 may also be affected. OverviewA critical vulnerability in Microsoft Windows systems could allow a remote attacker to execute arbitrary code via specially crafted network traffic.[1] DescriptionMicrosoft Secure Channel (Schannel) is a security package that provides SSL and TLS on Microsoft Windows platforms.[2, 3] Due to a flaw in Schannel, a remote attacker could execute arbitrary code on both client and server applications.[1] It may be possible for exploitation to occur without authentication and via unsolicited network traffic. According to Microsoft MS14-066, there are no known mitigations or workarounds.[2] Microsoft patches are typically reverse-engineered and exploits developed in a matter of days or weeks.[4] An anonymous Pastebin user has threatened to publish an exploit on Friday, November 14, 2014.[5] ImpactThis flaw allows a remote attacker to execute arbitrary code and fully compromise vulnerable systems.[6] SolutionMicrosoft has released Security Bulletin MS14-066 to address this vulnerability in supported operating systems.[2] References
Revision History
This product is provided subject to this Notification and this Privacy & Use policy.
SUBSCRIBER SERVICES:
|
||||||||||||
