Bug in SSL Deployment Windows allows attacker execute code




All recent versions of Windows include a serious bug in the SSL / TLS software, Microsoft has announced. The bug allows an attacker to execute their own code prepared packages to send to a server.

Windows 8 Servers running Windows are therefore most at risk for the vulnerability , but the vulnerability can also affect desktops and laptops. That if they can run software that listens on a port, such as an FTP server or the web interface of a torrent client.

Microsoft has disclosed few details about the bug, other than allow the attacker to run code prepared by sending packets to a server. It is not clear what rights an attacker could execute their own code. Possible that depends on the Rights of the process to which the packets are forwarded. If an attacker does not have administrator rights, he would obtain that could using another vulnerability.

Microsoft has in its traditional round patch on the second Tuesday of the month rolled out a patch for the bug. According to the software giant, there are no indications that the bug is exploited in practice. A security researcher has discovered the leak. Now that the vulnerability was nonetheless in public, chances are that attackers will try to exploit him.

The SSL / TLS implementation of Microsoft, Schannel, is the latest major SSL / TLS implementation that is struggling this year with a vulnerability. Previously faced the Apple implementation with the goto fail -bug , so the contents of SSL-traffic was shown in, and could through the Heartbleed bug in OpenSSL are read out the internal memory of a Web server. Chrome and Firefox accept further false ssl certificates, while GnuTLS this year two times was leaking.


In: Technology & Gadgets Asked By: [15575 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »