MS14-066: Microsoft’s ‘Heartbleed’
Microsoft’s November ‘Patch Tuesday’ contained quite a few critical updates. Here’s one you really need to take notice of.
MS14-066 is an identified remote code execution vulnerability in SChannel (the portion of Windows responsible for secure communications, including SSL/TLS).
What Does This Mean?
Should an attacker be able to exploit this vulnerability, they would be able to run arbitrary code on an affected system – which at this point at least is all versions of Windows Microsoft is still supporting!
Exploiting this vulnerability requires an attacker to send a specially crafted piece of information (a packet) to a vulnerable system, once the system receives this packet it would proceed to execute any instructions that were contained within it.
What Can I Do?
At this point, all you can do is wait for Microsoft to release the update that fixes MS14-066 (KB2992611) as Microsoft hasn’t identified any mitigating factors that would reduce the impact of this vulnerability.
It may be possible to configure any IDS/IPS that you may be running to detect and block these packets, but until someone releases a Proof of Concept exploit, it is difficult to know for sure.
We will be updating this post as more details about the mechanism of this vulnerability become available, in the meantime you can keep up to date with the progress of the patch by visiting the link below: