Microsoft has discovered a “critical vulnerability” in versions of its desktop operating system from Windows Server 2003 onwards. According to the company, there is a “ vulnerability Schannel that could allow remote code execution.”
This security breach affects Windows Server 2003/2008/2012, Vista, 7, 8, 8.1 and Windows RT . Microsoft has not given many details about the error, but warns that an attacker sends specially crafted packets to a Windows server could execute code remotely without user authorization. The attack affects only those running a server on affected platforms.
To counter this security breach, Microsoft has developed a patch , called MS14-066, which is now available for download through Windows Update, reports TNW .
Some compare this hole Heartbleed, which affected OpenSSL. The vulnerability of Windows is in the Schannel library, which is the layer that handles encryption and authentication on Windows, particularly for HTTP applications. The good, or bad, is that it only affects machines running a modern version of Windows. But in practice, are only safe Windows XP PCs. Users of the latest versions, including corporations, have to patch as soon as possible.
Microsoft says that there is no solution to mitigate attacks in addition to their patch. Yes, the company says no evidence that this error has been exploited yet.
Now you can read articles on Google Currents ITespresso: Up
No comments:
Post a Comment