Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Recently published SChannel exploit for WIndows

Posted on 2014-11-16
6
Medium Priority
?
342 Views
Last Modified: 2014-11-17
Hi Folks:

What do you all make of this recent CERT alert about the Microsoft SChannel vulnerability that allows remote exploits of WIndows systems? https://www.us-cert.gov/ncas/alerts/TA14-318A

My concern is that all the Microsoft articles to which it makes reference makes it seem like everything is sufficiently patched if you're up to date. So what exactly is new here? Is this a real new exploit? On the one hand, Microsoft articles reference various patches for different OSes that take care of different vulnerabilities. On the other hand, the guy exposing the exploit says Microsoft won't have a patch ready till December.

This seems confusing and contradictory. What do y'all think?

Thanks,
Dana
0
Comment
Question by:Dana Friedman
  • 2
  • 2
  • 2
6 Comments
 
LVL 100

Accepted Solution

by:
John Hurst earned 1000 total points
ID: 40445923
What I have read is as thick as mud. What I took away from it was to patch all workstations and servers, which is what we have done. I am sure more patches will come.

http://www.zdnet.com/drop-what-youre-doing-and-patch-the-windows-schannel-bugs-now-7000035738/?s_cid=e589&ttag=e589&ftag=TREc64629f
0
 
LVL 84

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 1000 total points
ID: 40446039
it is a 19 year old problem that has been fixed. and the addition of 4 more suites.  Windows XP unless you are using the 'embedded' patch is significantly vunerable to this exploit
0
 

Author Comment

by:Dana Friedman
ID: 40447104
David:

What do you mean "and the addition of 4 more suites"? Four more Microsoft Office suites? Something else?

Thanks,
Dana
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Closing Comment

by:Dana Friedman
ID: 40447106
Thanks to you both. I'm not sure what David's "addition of 4 more suites" refers to, but I found both to be very helpful.

Thanks,
Dana
0
 
LVL 100

Expert Comment

by:John Hurst
ID: 40447108
Thanks.   I think you just need to be sure all current patches are up to date
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 40447294
4 more security protcol suites

    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_RSA_WITH_AES_256_GCM_SHA384
    TLS_RSA_WITH_AES_128_GCM_SHA256
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension . This reminded me of questions that come up here at EE along the lines of, "How can I tell the type of file from its cont…
Most folks would know the basics of how Dropbox works, so that’s not the purpose of this article. Security is what it’s all about, so here I’ll share how I choose to secure my Dropbox Account and the Data it contains.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question