Last week Microsoft announced the discovery of a major security flaw referred to as the “SChannel” exploit. This security flaw could possibly be the worst one in Windows history. Microsoft has been forced to issue a critical patch for a vulnerability that affects every current version of its Windows operating system.

The bug affects code in the Microsoft secure channel (schannel) security component. This component implements the secure sockets layer and transport layer security (TLS) protocols.

A flaw in the code means it fails to properly filter specially formed packets allowing hackers to execute code remotely on an affected Windows machine.

According to the advisory, the flaw affects Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8/8.1, Windows Server 2012/2012 R2, and Windows RT/RT 8.1 machines. The flaw is rated critical for all affected operating systems.

Microsoft said that it “had not received any information to indicate that this vulnerability had been publicly used to attack customers”. This could potentially wreak havoc if someone codes it into a worm or mass botnet exploit which self-replicates, as many people imagine there could be about a week or so before a live exploit is reverse engineered from the patch

What this means for you –

  • Make sure your desktop computers are up to date by running latest Windows updates, which contain all necessary patches to remedy the exploit. However, you need to understand that the updates may have other negative effects depending on local configuration of your machine.
  • Patch all Windows desktops and servers to minimize risk of security breach. Instructions can be found here – https://support.microsoft.com/kb/2992611
  • If you do not feel comfortable to tackle this on your own, contact your IT Consultant immediately.
  • We are here to help. If you have any questions or concerns regarding the exploit or require assistance to patch your desktop or server, please do not hesitate to email us at support@infiniwiz.com or call us at 847-994-1111 (option 1).

    Other sources:
    http://www.securityweek.com/microsoft-warns-issues-recent-schannel-update-patch-away
    http://www.zdnet.com/microsoft-warns-of-problems-with-schannel-security-update-7000035835/