Microsoft has issued a critical patch, dubbed MS14-066, via Windows Update that aims to fix a security vulnerability which could be as scary as the infamous Heartbleed bug that surfaced earlier this year. The flaw affects almost every modern version of the Windows operating system, including Windows Server 2003/2008/2012, Vista, 7, 8, 8.1 and Windows RT.
Microsoft hasn’t provided much details on the vulnerability, except that it is in the company’s Secure Channel (Schannel) security package, something which is responsible for handling encryption and authentication in Windows, particularly for HTTP applications, and allows remote code execution via specially crafted packets sent to a Windows server.
Simply said, if an attacker modified packets in a particular way and used them to attack your machine, they may be able to execute whatever code they like remotely without any authorization. The attack apparently only affects those running a server on affected platforms.
Microsoft says it hasn’t been able to identify any workarounds or mitigation factors for the vulnerability, which means that the patch is the only solution.
Although Microsoft didn’t mention whether the vulnerability has been exploited in the wild, it’s still a good idea and strongly advisable to grab the patch, get it installed, and fix the problem before it raises its ugly head. Head to windows update to download.
We would like to remind our IT support clients that we will apply the update to your system remotely.