Windows yesterday published a critical security bulletin addressing a vulnerability that, according to researchers at IBM, has been “sitting in plain sight.” Microsoft has also released an update to patch the vulnerability.
IBM reported the bug privately to Microsoft in May, noting that it “could allow remote code execution if an attacker sends” a very specific set of code to your Windows server, allowing the attacker to “reliably run code remotely and take over the user’s machine.”
Who is affected?
The vulnerability affects just about all Windows platforms out in the wild today:
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows 7
- Windows 8 and Windows 8.1
- Windows Server 2012
- Windows RT
What are we doing about it?
If you’re a CompuCARE client, you’re covered. Our platform started rolling out the patch to your computers last night, and we expect the roll-out to be complete by tomorrow morning. Nothing to do but sit back, relax, and let us handle the stressful bits.
What can you do about it?
If you’re not a CompuCARE client, we suggest you immediately take one of the following actions:
- Call your IT provider or consultant and ask them if the patch has been installed on your systems;
- Run the Windows Update process on all your systems and make sure it completes;
- Head over to the update page to download the patch manually; or
- Call us: 514-990-1416
There is some good news
According to Gizmodo, as of now “Microsoft isn’t aware of anyone actually taking advantage of this vulnerability.”
Vulnerability FAQ
Microsoft offered the following FAQ about this vulnerability:
- What might an attacker use the vulnerability to do?
  - An attacker who successfully exploited this vulnerability could run arbitrary code on a target server.
- How could an attacker exploit the vulnerability?
  - An attacker could attempt to exploit this vulnerability by sending specially crafted packets to a Windows server.
- What systems are primarily at risk from the vulnerability?
  - Server and workstation systems that are running an affected version of Schannel are primarily at risk.