PATCH Critical MS14-066 ASAP People!

Information pertaining to a Proof of Concept for the Critical MS14-066 is reported close to being implemented.  The MS14-066 is a vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows that may allow remote code execution if an attacker sends specially crafted packets to a Windows server.  The Microsoft Secure Channel (Schannel) is the component that implements the secure sockets layer and transport layer security (TLS) protocols.

Microsoft has been forced to issue a critical patch for a vulnerability stated that it “had not received any information to indicate that this vulnerability had been publicly used to attack customers”.

That can be short live between active developers trying to implement an exploit and once the patch is released, is will be reverse engineered from the patch.  From there it can be coded into a worm or mass botnet exploit which self-replicates causing immense damage.

A few security researchers have stated MS14-066 is actually worse than The Heartbleed Bug back in April 2014.

“If you have a windows server serving ANYTHING to the internet, patch now and save yourself a headache later.  This one is going to be big!”

You can read the actual Microsoft Bulletin (MS14-066) here – Vulnerability in Schannel Could Allow Remote Code Execution (2992611)

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.