[SECURITY-L] TA14-318A: Microsoft Secure Channel (Schannel) Vulnerability (CVE-2014-6321)

CSIRT - UNICAMP security at unicamp.br
Mon Nov 17 10:39:42 -02 2014



NCCIC / US-CERT

National Cyber Awareness System:

TA14-318A: Microsoft Secure Channel (Schannel) Vulnerability
(CVE-2014-6321) <https://www.us-cert.gov/ncas/alerts/TA14-318A>
11/14/2014 10:32 AM EST

Original release date: November 14, 2014


      Systems Affected

  * Microsoft Windows Server 2003 SP2
  * Microsoft Windows Vista SP2
  * Microsoft Windows Server 2008 SP2
  * Microsoft Windows Server 2008 R2 SP1
  * Microsoft Windows 7 SP1
  * Microsoft Windows 8
  * Microsoft Windows 8.1
  * Microsoft Windows Server 2012
  * Microsoft Windows Server 2012 R2
  * Microsoft Windows RT
  * Microsoft Windows RT 8.1

Microsoft Windows XP and 2000 may also be affected.


      Overview

A critical vulnerability in Microsoft Windows systems could allow a
remote attacker to execute arbitrary code via specially crafted network
traffic.[1] <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321>


      Description

Microsoft Secure Channel (Schannel) is a security package that provides
SSL and TLS on Microsoft Windows platforms.[2]
<https://technet.microsoft.com/library/security/MS14-066> [3]
<http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx>
Due to a flaw in Schannel, a remote attacker could execute arbitrary
code on both client and server applications.[1]
<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321>

It may be possible for exploitation to occur without authentication and
via unsolicited network traffic. According to Microsoft MS14-066, there
are no known mitigations or workarounds.[2]
<https://technet.microsoft.com/library/security/MS14-066>

Microsoft patches are typically reverse-engineered and exploits
developed in a matter of days or weeks.[4]
<http://www.reddit.com/r/netsec/comments/2m1alz/microsoft_security_bulletin_ms14066/>
An anonymous Pastebin user has threatened to publish an exploit on
Friday, November 14, 2014.[5] <http://pastebin.com/bsgX01dU>


      Impact

This flaw allows a remote attacker to execute arbitrary code and fully
compromise vulnerable systems.[6] <http://adi.is/winshock.txt>


      Solution

Microsoft has released Security Bulletin MS14-066 to address this
vulnerability in supported operating systems.[2]
<https://technet.microsoft.com/library/security/MS14-066>


      References

  * [1] NIST Vulnerability Summary for CVE-2014-6321
    <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321>
  * [2] Microsoft Security Bulletin MS14-066 - Critical
    <https://technet.microsoft.com/library/security/MS14-066>
  * [3] Microsoft, Secure Channel
    <http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx>
  * [4] Reddit, Microsoft Security Bulletin MS14-066
    <http://www.reddit.com/r/netsec/comments/2m1alz/microsoft_security_bulletin_ms14066/>
  * [5] Pastebin, SChannelShenanigans <http://pastebin.com/bsgX01dU>
  * [6] Winshock.txt <http://adi.is/winshock.txt>


      Revision History

  * November 14, 2014: Initial Release
