Dana Friedman
asked on
Recently published SChannel exploit for WIndows
Hi Folks:
What do you all make of this recent CERT alert about the Microsoft SChannel vulnerability that allows remote exploits of WIndows systems? https://www.us-cert.gov/ncas/alerts/TA14-318A
My concern is that all the Microsoft articles to which it makes reference makes it seem like everything is sufficiently patched if you're up to date. So what exactly is new here? Is this a real new exploit? On the one hand, Microsoft articles reference various patches for different OSes that take care of different vulnerabilities. On the other hand, the guy exposing the exploit says Microsoft won't have a patch ready till December.
This seems confusing and contradictory. What do y'all think?
Thanks,
Dana
What do you all make of this recent CERT alert about the Microsoft SChannel vulnerability that allows remote exploits of WIndows systems? https://www.us-cert.gov/ncas/alerts/TA14-318A
My concern is that all the Microsoft articles to which it makes reference makes it seem like everything is sufficiently patched if you're up to date. So what exactly is new here? Is this a real new exploit? On the one hand, Microsoft articles reference various patches for different OSes that take care of different vulnerabilities. On the other hand, the guy exposing the exploit says Microsoft won't have a patch ready till December.
This seems confusing and contradictory. What do y'all think?
Thanks,
Dana
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks to you both. I'm not sure what David's "addition of 4 more suites" refers to, but I found both to be very helpful.
Thanks,
Dana
Thanks,
Dana
Thanks. I think you just need to be sure all current patches are up to date
4 more security protcol suites
TLS_DHE_RSA_WITH_AES_256_G CM_SHA384
TLS_DHE_RSA_WITH_AES_128_G CM_SHA256
TLS_RSA_WITH_AES_256_GCM_S HA384
TLS_RSA_WITH_AES_128_GCM_S HA256
TLS_DHE_RSA_WITH_AES_256_G
TLS_DHE_RSA_WITH_AES_128_G
TLS_RSA_WITH_AES_256_GCM_S
TLS_RSA_WITH_AES_128_GCM_S
ASKER
What do you mean "and the addition of 4 more suites"? Four more Microsoft Office suites? Something else?
Thanks,
Dana