Critical Microsoft Schannel Remote Code Execution Vulnerability (CVE-2014-6321)

This information was sent to several U-M IT staff groups on November 12, 2014.

This message is intended for U-M IT staff who are responsible for maintaining and running university servers. A security vulnerability was announced today that requires immediate remediation. Please read the advisory below to see if servers for which you are responsible are affected and take action if appropriate.

Summary

A critical vulnerability has been identified in Windows systems that could be easily exploited. A patch is available, and IIA recommends testing and patching as quickly as possible.

Problem

A vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows could allow remote code execution on a Windows server. Microsoft has released a patch for the vulnerability. The patch should be installed as soon as possible, as there is no other short-term fix.

Threats

Exploit code is expected to be publicly available soon, if it is not already. Widespread attacks are likely to occur quickly after exploit code is available.

Affected Systems

Windows systems using Schannel are affected.

  • Windows Server 2003 SP2
  • Windows Server 2008 SP2 and R2 SP1
  • Windows Server 2012 Gold and R2
  • Windows RT Gold and 8.1
  • Windows Vista SP2
  • Windows 7 SP1
  • Windows 8
  • Windows 8.1

Action Items

Install the latest patches available from Microsoft after quickly testing the patches in non-production environments. Prioritize Internet-exposed systems that provide SSL services (e.g., HTTPS), as they are most likely to be attacked quickly. Of those systems, patch ones that access or maintain sensitive data first.

Technical Details

The Schannel vulnerability in Microsoft Windows allows remote attackers to execute arbitrary code on a server via crafted packets. Patches were made available by Microsoft on Tuesday, November 11, 2014.

Questions, Concerns, Reports

Please contact [email protected].