Overview
A critical vulnerability in Microsoft Windows systems could allow a remote attacker to execute arbitrary code via specially crafted network packets.
Description
Microsoft Secure Channel (Schannel) is a security package that provides SSL and TLS on Microsoft Windows platforms. Due to a flaw in Schannel (CVE-2014-6321), a remote attacker could execute arbitrary code on both client and server applications. It may be possible for exploitation to occur without authentication and via unsolicited network traffic. According to Microsoft MS14-066, there are no known mitigations or workarounds. Microsoft patches are typically reverse-engineered and exploits developed in a matter of days or weeks. An anonymous Pastebin user has threatened to publish an exploit on Friday, November 14, 2014. Immunity Inc. has developed a proof of concept exploit for their CANVAS tool. ANEXIA has published a tool to test if a system is vulnerable. |
Impact
This flaw allows a remote attacker to execute arbitrary code and fully compromise vulnerable systems. |
Solution
Apply an update |
Vendor Information
Many versions of Microsoft Windows operating systems are confirmed vulnerable, including:
|
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Temporal | 8.3 | E:F/RL:OF/RC:C |
| Environmental | 9.0 | CDP:MH/TD:H/CR:ND/IR:ND/AR:ND |
References
- https://technet.microsoft.com/library/security/MS14-066
- http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321
- http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx
- http://adi.is/winshock.txt
- http://pastebin.com/bsgX01dU
- https://gist.github.com/hmoore-r7/3379af8b0419ddb0c76b
- http://seclists.org/dailydave/2014/q4/32
- https://github.com/anexia-it/winshock-test
Acknowledgements
This document was written by Joel Land.
Other Information
| CVE IDs: | CVE-2014-6321 |
| Date Public: | 2014-11-11 |
| Date First Published: | 2014-11-13 |
| Date Last Updated: | 2014-11-17 16:02 UTC |
| Document Revision: | 27 |