Link to home
Start Free TrialLog in
Avatar of Dana Friedman
Dana Friedman

asked on

Recently published SChannel exploit for WIndows

Hi Folks:

What do you all make of this recent CERT alert about the Microsoft SChannel vulnerability that allows remote exploits of WIndows systems? https://www.us-cert.gov/ncas/alerts/TA14-318A

My concern is that all the Microsoft articles to which it makes reference makes it seem like everything is sufficiently patched if you're up to date. So what exactly is new here? Is this a real new exploit? On the one hand, Microsoft articles reference various patches for different OSes that take care of different vulnerabilities. On the other hand, the guy exposing the exploit says Microsoft won't have a patch ready till December.

This seems confusing and contradictory. What do y'all think?

Thanks,
Dana
ASKER CERTIFIED SOLUTION
Avatar of John
John
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Dana Friedman
Dana Friedman

ASKER

David:

What do you mean "and the addition of 4 more suites"? Four more Microsoft Office suites? Something else?

Thanks,
Dana
Avatar of Dana Friedman
Dana Friedman

ASKER

Thanks to you both. I'm not sure what David's "addition of 4 more suites" refers to, but I found both to be very helpful.

Thanks,
Dana
Avatar of John
John
Flag of Canada image
Thanks.   I think you just need to be sure all current patches are up to date
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image
4 more security protcol suites

    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_128_GCM_SHA256