Remember Heartbleed? You know, the exploit in SSL that was so bad it got its own brand?
Microsoft may have an issue of similar scale on its hands with a critical patch issued via Windows Update today. The patch in question is MS14-066, cryptically named “Vulnerability in Schannel Could Allow Remote Code Execution,” which affects Windows Server 2003/2008/2012, Vista, 7, 8, 8.1 and Windows RT. Microsoft gives few details about the exploit, other than saying that the bug would “allow remote code execution if an attacker sends specially crafted packets to a Windows server.” In other words, if an attacker modified packets in a particular way and attacked your machine, they may be able to execute whatever code they like remotely without an authorized account.
The attack appears to only affect those running a server on affected platforms. This is particularly bad as the hole itself is in the Schannel library, which is the layer that handles encryption and authentication in Windows, particularly for HTTP applications. The bad news? It affects everything running a modern version of Windows, meaning businesses will need to patch a lot of machines as soon as possible. Microsoft also says that there is no workaround or other way to mitigate the attack; the only fix is the patch. The good news is that Microsoft says there is no evidence this bug has been exploited in the wild, and there’s a patch out right now on Windows Update. Server admins, start your Windows Update…
Patch your boxen, this one is pretty serious.