Windows Secure Channel Fixed on Patch Tuesday

A critical flaw (CVE-2014-6321) in the Windows Secure Channel (Schannel) component that allowed attackers to execute code remotely was patched on this November’s Patch Tuesday, according to Microsoft.

The Schannel component implements the TLS and SSL authentication protocols for encrypted communications between server and client.

“A remote code execution vulnerability exists in the Secure Channel (Schannel) security package due to the improper processing of specially crafted packets,” the advisory said.

“Microsoft received information about this vulnerability through coordinated vulnerability disclosure.”

The patch corrects the way “Schannel sanitizes specially crafted packets,” meaning that Schannel now filters crafted packets out of malicious traffic headed for a Windows server.

Microsoft also bundled new TLS cipher suites in the security update to enable stronger encryption algorithms.

“These new cipher suites all operate in Galois/counter mode (GCM), and two of them offer perfect forward secrecy (PFS) by using DHE key exchange together with RSA authentication.”

No mitigating factors or workarounds have been identified for the flaw, which impacts all Windows versions.

So far there have been no signs of attack on Windows users leveraging this vulnerability.

The vulnerability comes weeks after Microsoft published and offered mitigation steps for the Windows OLE zero-day vulnerability that allowed remote code execution via malicious Office files containing OLE objects.

Windows users and server administrators are advised to apply the fix issued by Microsoft to stay out of harm’s way.

About the author

Lucian Ciolacu

Still the youngest Bitdefender News writer, Lucian is constantly after flash news in the security industry, especially when something is vulnerable or exploited. Besides digging for 'hacker' scoops and data leaks, he enjoys sports, such as football and tennis.
He has also combined an interest in social and political sciences, as a graduate of the Political Science Faculty, with a passion for guitar and computer games.
