It’s another doozy of a Patch Tuesday, with Microsoft fixing a critical vulnerability that opens computers up to remote code execution.
The vulnerability, covered under bulletin MS14-066, can allow an attacker to execute code on a Windows server if they send specially-formed packets to that device. Patches for the flaw run all the way back to Windows Server 2003, and it looks like it has been around for a while.
What’s particularly dangerous about this remote execution flaw is that it’s in the Schannel library, which handles encryption and authentication, particularly for HTTP applications. Details about the flaw aside from its remote code execution capabilities are fairly scarce, so it’s not clear exactly what attackers would be able to do if they took advantage of the vulnerability.
According to Microsoft, the flaw hasn’t been exploited in the wild yet, so sysadmins probably don’t have to worry about past attacks using this particular vulnerability. Still, now that it has been disclosed, people should move quickly to update their computers, especially servers.
Users and administrators can get the patch through Windows Update.
