Microsoft issued a warning on Tuesday regarding a vulnerability within Microsoft Secure Channel, that allows a remote execution of an arbitrary code. The vulnerability has an identifier CVE-2014-6321. It affects all supported versions of Windows.
The advisory states that the “security update is rated Critical for all supported releases of Microsoft Windows.” Therefore, it’s advised to update your Windows as soon as possible. In fact, a blog post by the SANS Institute suggests the update should have been called “Patch Now” instead of the official name MS14-066, especially when it comes to Windows servers. The post further warns that affected users likely have a week, possibly even less, to patch before an exploit is released.
There is currently no official workaround, although this might change as the issue is further analyzed. It’s advised to check for any SSL errors, even on non-Windows servers to spot any exploit attempts.
This vulnerability could turn into a worm like “slapper”, an OpenSSL worm exploiting Apache back in the day.
If you experience an attack due to this vulnerability, be sure to share your results with the cybersecurity community by using this form (SANS).
By LIFARS Cybersecurity, Vulnerability Assessment Test • • Tags: bug, channel, exploit, fix, issue, microsoft, MS14-066, openssl, operating, patch, sans, secure, security, server, SSL, system, update, vulnerability, warning, windows xp
About the author
LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
Technology giant Microsoft never disclosed a major breach of its internal database tracking bugs, a...Read more arrow_forward
Technology giant Microsoft has revealed that its cloud-based user accounts have seen a 300% increase...Read more arrow_forward
Microsoft is beginning counter measures against the alleged state-sponsored Russian hacking group...Read more arrow_forward