[SECURITY-L] TA14-318A: Microsoft Secure Channel (Schannel) Vulnerability (CVE-2014-6321)
CSIRT - UNICAMP
security at unicamp.br
Mon Nov 17 10:39:42 -02 2014
NCCIC / US-CERT
National Cyber Awareness System:
TA14-318A: Microsoft Secure Channel (Schannel) Vulnerability
(CVE-2014-6321) <https://www.us-cert.gov/ncas/alerts/TA14-318A>
11/14/2014 10:32 AM EST
Original release date: November 14, 2014
Systems Affected
* Microsoft Windows Server 2003 SP2
* Microsoft Windows Vista SP2
* Microsoft Windows Server 2008 SP2
* Microsoft Windows Server 2008 R2 SP1
* Microsoft Windows 7 SP1
* Microsoft Windows 8
* Microsoft Windows 8.1
* Microsoft Windows Server 2012
* Microsoft Windows Server 2012 R2
* Microsoft Windows RT
* Microsoft Windows RT 8.1
Microsoft Windows XP and 2000 may also be affected.
Overview
A critical vulnerability in Microsoft Windows systems could allow a
remote attacker to execute arbitrary code via specially crafted network
traffic.[1] <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321>
Description
Microsoft Secure Channel (Schannel) is a security package that provides
SSL and TLS on Microsoft Windows platforms.[2]
<https://technet.microsoft.com/library/security/MS14-066> [3]
<http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx>
Due to a flaw in Schannel, a remote attacker could execute arbitrary
code on both client and server applications.[1]
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321>
It may be possible for exploitation to occur without authentication and
via unsolicited network traffic. According to Microsoft MS14-066, there
are no known mitigations or workarounds.[2]
<https://technet.microsoft.com/library/security/MS14-066>
Microsoft patches are typically reverse-engineered and exploits
developed in a matter of days or weeks.[4]
<http://www.reddit.com/r/netsec/comments/2m1alz/microsoft_security_bulletin_ms14066/>
An anonymous Pastebin user has threatened to publish an exploit on
Friday, November 14, 2014.[5] <http://pastebin.com/bsgX01dU>
Impact
This flaw allows a remote attacker to execute arbitrary code and fully
compromise vulnerable systems.[6] <http://adi.is/winshock.txt>
Solution
Microsoft has released Security Bulletin MS14-066 to address this
vulnerability in supported operating systems.[2]
<https://technet.microsoft.com/library/security/MS14-066>
References
* [1] NIST Vulnerability Summary for CVE-2014-6321
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321>
* [2] Microsoft Security Bulletin MS14-066 - Critical
<https://technet.microsoft.com/library/security/MS14-066>
* [3] Microsoft, Secure Channel
<http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx>
* [4] Reddit, Microsoft Security Bulletin MS14-066
<http://www.reddit.com/r/netsec/comments/2m1alz/microsoft_security_bulletin_ms14066/>
* [5] Pastebin, SChannelShenanigans <http://pastebin.com/bsgX01dU>
* [6] Winshock.txt <http://adi.is/winshock.txt>
Revision History
* November 14, 2014: Initial Release