November 13, 2014 by

Critical Vulnerability Within Microsoft Secure Channel Allows Remote Code Execution

Microsoft issued a warning on Tuesday regarding a vulnerability within Microsoft Secure Channel, that allows a remote execution of an arbitrary code. The vulnerability has an identifier CVE-2014-6321. It affects all supported versions of Windows.

The advisory states that the “security update is rated Critical for all supported releases of Microsoft Windows.” Therefore, it’s advised to update your Windows as soon as possible. In fact, a blog post by the SANS Institute suggests the update should have been called “Patch Now” instead of the official name MS14-066, especially when it comes to Windows servers. The post further warns that affected users likely have a week, possibly even less, to patch before an exploit is released.

There is currently no official workaround, although this might change as the issue is further analyzed. It’s advised to check for any SSL errors, even on non-Windows servers to spot any exploit attempts.

This vulnerability could turn into a worm like “slapper”, an OpenSSL worm exploiting Apache back in the day.

If you experience an attack due to this vulnerability, be sure to share your results with the cybersecurity community by using this form (SANS).


About the author

Image of Author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagements experience while providing a strategic and integrated array of services to minimum risk and disruption while protecting your brand.

Related articles

Microsoft Sees Cryptocurrency Miners as an ‘Increasing Threat’

Software giant Microsoft has labelled malicious cryptocurrency miners as an increasing threat as...

Read more arrow_forward

Meltdown, Spectre Bugs Bring More Grief to Microsoft, AMD Users

Microsoft has temporarily paused issuing patches to the Metldown and Spectre vulnerabilities for AMD...

Read more arrow_forward

Microsoft’s Secret Bug Database was Hacked in 2013

Technology giant Microsoft never disclosed a major breach of its internal database tracking bugs, a...

Read more arrow_forward