Critical Crypto Flaw in Microsoft SChannel Affects All Windows Software: Patch Your Systems ASAP! Don’t Wait Until It’s Exploited!

Image

A few months ago Heartbleed, apparently named after a James Bond villain, was a security bug that made headlines even in major, non-tech focused publications. This well-known bug was a flaw in the OpenSSL cryptography library, which is a layer of security between your computer and the servers of many major online services. Hackers were able to exploit this flaw and extract sensitive information such as usernames and passwords for websites including Facebook, Gmail, Netflix, and WordPress.

Now another crypto flaw is making headlines. A security bulletin recently released by Microsoft warns service providers and IT administrators of a weakness in the Secure Channel (SChannel) provider that uses Secure Sockets Layer (SSL) and Transport Layer Security (TLS) authentication protocols to secure web browsing and communication with other servers.


Like Heartbleed, this SChannel bug allows hackers to access to sensitive information. While this flaw does affect every supported version of Windows and Windows Server software, Microsoft reminds users that so far no one has been attacked.


Server and workstation systems that are running an affected version of SChannel are primarily at risk,” the software juggernaut announced on Tuesday, November 11th. “An attacker could attempt to exploit this vulnerability by sending specially crafted packets to a Windows server. Microsoft has not received any information to indicate that this vulnerability has been publicly used to attack customers.”


While no attacks have been reported yet, the clock is ticking. Experts estimate it is only a matter of days before someone exploits this vulnerability. “My guess is that you probably have a week, maybe less, to patch your systems before an exploit is released,” wrote Johannes Ullrich, Ph.D. in a November 12th blog post on the Internet Storm Center blog.


Ullrich also advises service providers and IT administrators to take care while patching to protect themselves from future attacks using the SChannel bug. “Patching is only in part about speed,” Ullrich writes. “Don’t let speed get in the way of good operations and procedures. It is at least as important to patch in a controlled, verifiable and reproducible way. Anything else will leave you open to attack due to incomplete patching.


Only one question remains: what cool name will the media come up with for the SChannel bug to meet the bar that Heartbleed set? Skulldrop? Cliffjump? Devilfinger? Only time will tell.

To learn more about the SChannel bug and other urgent technology news, contact Remote Technology Services immediately at (800) 478-8105 or send us an email at [email protected].

Tired Of Empty Promises?

Contact Us Today And Book Your

Free Technology Consultation

With The Region’s Top IT

Company

Step One

Listen To What Our Clients Say:

Step Two
Fill in Your Information Below
Privacy is our policy. We may contact you from time to time with special offers but we will never sell or provide your information to anyone outside of our company.

GET IN TOUCH

1293 Professional Drive

Myrtle Beach, SC 29577

(800) 478-8105

(843) 222-6198

Privacy is our policy. We may contact you from time to time with special offers but we will never sell or provide your information to anyone outside of our company.

CONNECT

Call (800) 478-8105 today to schedule your free technology assessment

Remote Tech Services provides IT Support & IT Services for businesses in Wilmington, Sunset Beach, Calabash, Little River, North Myrtle Beach, Myrtle Beach, Florence, Conway, Longs, Georgetown, Charleston and throughout the Grand Strand.

All contents © 2021 Remote Tech Services, LLC. All rights reserved. | Sitemap

Designed by ULISTIC