Windows Secure Channel Fixed on Patch Tuesday

A critical flaw (CVE-2014-6321) from Secure Channel (Schannel) Windows component that allowed attackers to execute code remotely has been patched on this November’s Patch Tuesday, according to Microsoft.

Schannel component implements the TLS and SSL authentication protocols for encrypted communications between server and client.

“A remote code execution vulnerability exists in the Secure Channel (Schannel) security package due to the improper processing of specially crafted packets,” the advisory said.

“Microsoft received information about this vulnerability through coordinated vulnerability disclosure.”

This patch corrects the way “Schannel sanitizes specially crafted packets,” meaning that Schannel now filters crafted packets from malicious traffic going toward a Windows server.

Microsoft also bundled new TLS cipher suites in the security update to enable stronger encryption algorithms.

“These new cipher suites all operate in Galois/counter mode (GCM), and two of them offer perfect forward secrecy (PFS) by using DHE key exchange together with RSA authentication.”

No mitigation factors or workarounds have been identified for the flaw, which impacts all Windows versions.

So far there have been no signs of attack on Windows users leveraging this vulnerability.

The vulnerability comes weeks after Microsoft published and offered mitigation steps for the Windows OLE zero-day vulnerability that allowed remote code execution via malicious Office files containing OLE objects.

Windows users and server administrators are advised to apply the fix issued by Microsoft to stay out of harm’ way.