14 DAY TRIAL // The latest set of monthly updates from Microsoft includes a patch for a privately disclosed security vulnerability in the Security Channel (schannel) component of Windows, impacting all current versions of the operating system.
Schannel is responsible for implementing the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) authentication protocols used for encrypted communication between a client and a server over the web.
Workstations and servers are equally affected
If exploited, the vulnerability, which is now identified as CVE-2014-6321, offers the possibility of remote execution of arbitrary code on the affected machine.
The glitch consists in failure to properly filter specially-crafted packets in malicious traffic intended for a Windows server.
Workstation systems are also impacted by the flaw because they can run server software that listens to specific ports and accepts connections from different clients.
In a security bulletin from Microsoft, it is stated that no workarounds are available for mitigating the problem, applying the update being the only solution to fix the issue.
No evidence of attacks in the wild leveraging the flaw
Apart from solving this problem, the company also included new TLS cipher suites that would secure customer information with stronger encryption.
“These new cipher suites all operate in Galois/counter mode (GCM), and two of them offer perfect forward secrecy (PFS) by using DHE key exchange together with RSA authentication,” the bulletin informs.
Perfect forward secrecy (PFS) is a feature in public-key cryptography that ensures the safety of a session key in the event of having a private key compromised.
All versions of Windows, Server 2003 through Windows 8.1, both 32-bit and 64-bit versions – RT included, are susceptible to attacks based on exploiting CVE-2014-6321.
At the moment, there is no evidence pointing at the flaw being leveraged in the wild, but the public bug disclosure on Tuesday may result in an effort from cybercriminals to create an exploit and start scanning for vulnerable machines.
Crooks are quick at creating exploits for recently uncovered weaknesses
Last month, a week after Adobe released a security update for Flash Player, exploits for two of the glitches were incorporated into browser-based crimeware Angler and Fiesta.
This goes to show that cybercriminals are quick at taking advantage of serious security weaknesses, as they are ready to invest the necessary resources to reverse engineer the patches and come up with a way to compromise vulnerable machines.
The Schannel flaw fix is part of the November round of updates from Microsoft, which included no less than 16 security bulletins for different Windows components and products.