Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month, online, via Jitsi Meet.

BLU Discuss list archive



[Discuss] OT: Microsoft Secure Channel (Schannel) Vulnerability



This was discussed pretty much all week on SANS Internet Storm Center
"Daily Stormcast" podcast.

Handler Diaries -

https://isc.sans.edu/diary/How+bad+is+the+SCHANNEL+vulnerability+%28CVE-2014-6321%29+patched+in+MS14-066%3F/18947
&
https://isc.sans.edu/diary/SChannel+Update+and+Experimental+Vulnerability+Scanner+%28MS14-066%29/18953


Especially if running Net-visible Windows servers -- e.g. ASPX Windows
servers -- this *is* urgent. 2nd priority, laptops.
   Unclear which services a non-server might be vulnerable with to
intRAnet attack, so patch them too.

/b

On Sat, Nov 15, 2014 at 12:32 AM, Stephen Ronan <sronan at panix.com> wrote:
>
> November 14:
> "This flaw allows a remote attacker to execute arbitrary code and
> fully compromise vulnerable systems"
> https://www.us-cert.gov/ncas/alerts/TA14-318A
>
> This is what my ISP has to say about it.
>
> =========================================
> "Extremely serious Windows security vulnerability (alexis) Fri Nov 14
> 19:07:51 2014
>
>    We don't usually post warnings about security issues in Windows, but this
> one is so severely dangerous that it deserves a special mention, because it
> applies to every Windows version since 2000, and it does not require any
> user behavior - you just have to be on the Internet. If you have Windows
> machines, either clients or servers, we advise you to *urgently* drop
> whatever you're doing and get them patched. Don't wait for your next
> maintenance window (if you have a schedule).
>
>    The US CERT advisory for this vulnerability is:
>       https://www.us-cert.gov/ncas/alerts/TA14-318A
>    The last two references listed provide some good insight on this.
>
>    If you thought "heartbleed" and "shellshock" were bad... this is worse.
>    Much much worse."
>
> =================================================



-- 
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux



BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org