BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] OT: Microsoft Secure Channel (Schannel) Vulnerability
- Subject: [Discuss] OT: Microsoft Secure Channel (Schannel) Vulnerability
- From: bill.n1vux at gmail.com (Bill Ricker)
- Date: Sat, 15 Nov 2014 00:45:11 -0500
- In-reply-to: <Pine.NEB.4.64.1411150030250.24143@panix1.panix.com>
- References: <Pine.NEB.4.64.1411150030250.24143@panix1.panix.com>
This was discussed pretty much all week on SANS Internet Storm Center "Daily Stormcast" podcast. Handler Diaries - https://isc.sans.edu/diary/How+bad+is+the+SCHANNEL+vulnerability+%28CVE-2014-6321%29+patched+in+MS14-066%3F/18947 & https://isc.sans.edu/diary/SChannel+Update+and+Experimental+Vulnerability+Scanner+%28MS14-066%29/18953 Especially If running Net-visible Windows servers -- e.g. ASPX windows servers -- this *is* urgent. 2nd priority, laptops. Unclear which services a non-server might be vulnerable with to intRAnet attack, so patch them too. /b On Sat, Nov 15, 2014 at 12:32 AM, Stephen Ronan <sronan at panix.com> wrote: > > November 14: > "This flaw allows a remote attacker to execute arbitrary code and > fully compromise vulnerable systems" > https://www.us-cert.gov/ncas/alerts/TA14-318A > > This is what my ISP has to say about it. > > ========================================= > "Extremely serious Windows security vulnerability (alexis) Fri Nov 14 > 19:07:51 2014 > > We don't usually post warnings about security issues in Windows, but this > one is so severely dangerous that it deserves a special mention, because it > applies to every Windows version since 2000, and it does not require any > user behavior - you just have to be on the Internet. If you have Windows > machines, either clients or servers, we advise you to *urgently* drop > whatever you're doing and get them patched. Don't wait for your next > maintenance window (if you have a schedule). > > The US CERT advisory for this vulnerability is: > https://www.us-cert.gov/ncas/alerts/TA14-318A > The last two references listed provide some good insight on this. > > If you thought "heartbleed" and "shellshock" were bad... this is worse. > Much much worse." > > ================================================= > _______________________________________________ > Discuss mailing list > Discuss at blu.org > http://lists.blu.org/mailman/listinfo/discuss -- Bill Ricker bill.n1vux at gmail.com https://www.linkedin.com/in/n1vux
- Follow-Ups:
- [Discuss] OT: Microsoft Secure Channel (Schannel) Vulnerability
- From: sronan at panix.com (Stephen Ronan)
- [Discuss] OT: Microsoft Secure Channel (Schannel) Vulnerability
- References:
- [Discuss] OT: Microsoft Secure Channel (Schannel) Vulnerability
- From: sronan at panix.com (Stephen Ronan)
- [Discuss] OT: Microsoft Secure Channel (Schannel) Vulnerability
- Prev by Date: [Discuss] OT: Microsoft Secure Channel (Schannel) Vulnerability
- Next by Date: [Discuss] OT: Microsoft Secure Channel (Schannel) Vulnerability
- Previous by thread: [Discuss] OT: Microsoft Secure Channel (Schannel) Vulnerability
- Next by thread: [Discuss] OT: Microsoft Secure Channel (Schannel) Vulnerability
- Index(es):