SECURITY ADVISORY - All Windows OS's : Microsoft Secure Channel (Schannel) Vulnerability (CVE-2014-6321)
Posted by Barry Bahrami on 14 November 2014 01:51 PM
A critical vulnerability in Microsoft Windows systems could allow a remote attacker to execute arbitrary code via specially crafted network traffic.
Microsoft Secure Channel (Schannel) is a security package that provides SSL and TLS on Microsoft Windows platforms. Due to a flaw in Schannel, a remote attacker could execute arbitrary code on both client and server applications. It may be possible for exploitation to occur without authentication and via unsolicited network traffic. According to Microsoft MS14-066, there are no known mitigations or workarounds. Microsoft patches are typically reverse-engineered and exploits developed in a matter of days or weeks. An anonymous Pastebin user has threatened to publish an exploit on Friday, November 14, 2014. This flaw allows a remote attacker to execute arbitrary code and fully compromise vulnerable systems.
We strongly urge all subscribers to update their Windows OS as soon as possible. This includes all Windows PC's not hosted by CNS. Please contact CNS support if you would like these updates to be installed by CNS technicians.
Keeping your VM up to date:
Your VM will alert you when updates are available. In Windows 2003 OS's, a yellow shield will appear in the system trey at the bottom/right. In Windows 2008 systems, a blue server with a gold arrow circling it will appear. To begin the install process, double click on the update icon and follow the prompts. Be sure to confirm the reboot after updates are installed. We recommend that you double check there are no more windows updates to install after completion.
Keeping your VM up to date is the best way to keep it safe from exploits.
Thank you for choosing Commercial Network Services. Please let us know if you have any questions or concerns. We are always here to help you. We maintain a ticketing system in order to effectively address and track your support issues. Please login to your Client Area and click "Help Desk" near the top, then click "Submit a Ticket" to send a new support request to our technicians.