
Reference: CERT-EU Security Advisory 2014-248

Title: IMPORTANT: Critical Vulnerability in Schannel Could Allow Remote
Code Execution
(KB2992611) CVE-2014-6321

Version history:

11.11.2014 Initial publication.


Dear Colleagues,

Overview:
=========

A privately reported vulnerability in the Microsoft Secure Channel
(Schannel) security package in Windows has been found. SCHANNEL is the
standard SSL library that ships with Windows. The vulnerability could
allow remote code execution if an attacker sends specially crafted
packets to a Windows server. Microsoft also assigned this vulnerability
an exploitability of "1", indicating that an exploit is likely going to
be developed soon. [2]

For more information about this update, see Microsoft Security Bulletin
MS14-066)[1]


Affected Software:
===========

Windows Server 2003
Windows Vista
Windows Server 2008
Windows 7
Windows Server 2008 R2
Windows 8 and Windows 8.1
Windows Server 2012 and Windows Server 2012 R2
Windows RT and Windows RT 8.1


Details:
===============

A remote code execution vulnerability exists in the Secure Channel
(Schannel) security package due to the improper processing of specially
crafted packets.

Microsoft received information about this vulnerability through
coordinated vulnerability disclosure. When this security bulletin was
issued, Microsoft had not received any information to indicate that this
vulnerability had been publicly used to attack customers. The update
addresses the vulnerability by correcting how Schannel sanitizes
specially crafted packets.

FAQ:
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could run
arbitrary code on a target server.

How could an attacker exploit the vulnerability?
An attacker could attempt to exploit this vulnerability by sending
specially crafted packets to a Windows server.

What systems are primarily at risk from the vulnerability?
Server and workstation systems that are running an affected version of
Schannel are primarily at risk - i.e. anything that runs SSL services on
Windows (e.g., web servers, mail servers, etc.)


Recommendations:
===============

Apply update immediately.

Mitigating Factors: Microsoft has not identified any mitigating factors
for this vulnerability.

Workarounds: Microsoft has not identified any workarounds for this
vulnerability.


References:
===========
[1] https://technet.microsoft.com/library/security/MS14-066
[2]
http://blogs.technet.com/b/srd/archive/2014/11/11/assessing-risk-for-the-november-2014-security-updates.aspx



Best Regards,

CERT-EU Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
Privacy Statement:
http://cert.europa.eu/cert/plainedition/en/cert_privacy.html