[Discuss] OT: Microsoft Secure Channel (Schannel) Vulnerability
Stephen Ronan
sronan at panix.com
Sat Nov 15 00:32:24 EST 2014
November 14:
"This flaw allows a remote attacker to execute arbitrary code and
fully compromise vulnerable systems"
https://www.us-cert.gov/ncas/alerts/TA14-318A
This is what my ISP has to say about it.
=========================================
"Extremely serious Windows security vulnerability (alexis) Fri
Nov 14 19:07:51 2014
We don't usually post warnings about security issues in Windows, but this
one is so severely dangerous that it deserves a special mention, because it
applies to every Windows version since 2000, and it does not require any user
behavior - you just have to be on the Internet. If you have Windows machines,
either clients or servers, we advise you to *urgently* drop whatever you're
doing and get them patched. Don't wait for your next maintenance window (if you
have a schedule).
The US CERT advisory for this vulnerability is:
https://www.us-cert.gov/ncas/alerts/TA14-318A
The last two references listed provide some good insight on this.
If you thought "heartbleed" and "shellshock" were bad... this is worse.
Much much worse."
=================================================
More information about the Discuss
mailing list