[Discuss] OT: Microsoft Secure Channel (Schannel) Vulnerability

[sronan at panix.com (Stephen Ronan)]

November 14:
"This flaw allows a remote attacker to execute arbitrary code and
fully compromise vulnerable systems"
https://www.us-cert.gov/ncas/alerts/TA14-318A

This is what my ISP has to say about it.

=========================================
"Extremely serious Windows security vulnerability (alexis) Fri 
Nov 14 19:07:51 2014

    We don't usually post warnings about security issues in Windows, but this 
one is so severely dangerous that it deserves a special mention, because it 
applies to every Windows version since 2000, and it does not require any user 
behavior - you just have to be on the Internet. If you have Windows machines, 
either clients or servers, we advise you to *urgently* drop whatever you're 
doing and get them patched. Don't wait for your next maintenance window (if you 
have a schedule).

    The US CERT advisory for this vulnerability is:
       https://www.us-cert.gov/ncas/alerts/TA14-318A
    The last two references listed provide some good insight on this.

    If you thought "heartbleed" and "shellshock" were bad... this is worse.
    Much much worse."

=================================================