Published On: May 14th, 2015/Categories: Cognition, Data Security/3 min read/

CVE-2014-6321

Name: CVE-2014-6321 / MS14-066

Threat Type: Vulnerability

Severity: 10/10

Target: All unpatched versions of Windows

Release Date: 11th November 2014

Attack Surface: Huge – every version of Windows is vulnerable.

Summary: A privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows (the component that enables secure communication, e.g. SSL/TLS) . The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server. The available patch from Microsoft corrects how Schannel sanitizes specially crafted packets.

Root Cause: Design flaw in Microsoft Secure Channel (Schannel) security package in Windows.

Remediative Action: Deploy Microsoft provided patches from Microsoft Windows Update. More details here https://technet.microsoft.com/library/security/MS14-066

Cognition View: This is bad. Really bad. All versions of Windows are affected and who knows how often this vulnerability has been exploited in the wild. All it takes is a user to send specially crafted packets to an Internet facing IIS server and they can then remotely execute code and own the box. In turn the attacker can do pretty much anything with that server, including spreading malware to any client that connects to it. Cognition’s advice on this one is to patch as soon as you can. Ideally test every patch against your applications first, but just remember that each minute you delay is another minute you’re exposed.

EVERY attacker in the world will be trying to exploit this vulnerability today so you need to get patching, NOW!

Full Detailshttps://technet.microsoft.com/library/security/MS14-066

The post CVE-2014-6321 appeared first on Cognition.

Cognition Logo

About Cognition

Cognition is a Specialist Cyber Security Integrator, focused on delivering the very best security guidance and providing an unprecedented level of service. The team is comprised solely of industry experts with each providing the best intelligence with a real world approach. It is this philosophy that enables Cognition to cut through the complexity of today’s threat landscape and provide the latest innovative security solutions that deliver true business value. Learn more about Cognition at https://cognitionsecure.com.

 

Share This Post!

About the Author: Carl Gottlieb
I'm the trusted privacy advisor to leading tech companies, helping them gain maximum advantage through the right privacy strategy. My consultancy company Cognition provides a range of privacy and security services including Data Protection Officers, in-depth assessments and virtual security engineers. Get in touch if you'd like to learn more.

Related articles