Pinterest Stumbleupon Whatsapp
Advertisement

Running Windows? You should probably run your updates about now. A serious new vulnerability has been confirmed as present in all versions of Windows from Vista onwards which has the potential to let hackers execute their own arbitrary code.

The issue (CVE number CVE-2014-6321) is rated critical by Microsoft, and affected users are being strongly encouraged to update their systems.

Vulnerable versions of Windows include Vista, 7, 8 and 8.1 (both RT and non-RT). Also at risk is Microsoft’s server family of operating systems, including Windows 2003, 2008 and 2012.

Microsoft has issued a patch to fix the issue, currently available to download. There are no known workarounds or mitigation tactics to address this issue.

Curious about how this vulnerability works, and how this impacts you? Read on for more information.

What’s The Bug?

Microsoft Security Channel – Schannel for short – is a package of software used in order to create and use cryptographically secure network connections. This is used whenever you use anything encrypted with SSL or TLS, including when you browse the Internet. It’s incredibly important.

Advertisement

microsoft-sll

The issue arises when an attacker sends a specially crafted packet to a computer running a vulnerable version of Schannel. This can result in the computer executing arbitrary code written by the attacker, which can perform all kinds of unwanted actions. These could include traffic being hijacked, deployment of malware, or much, much worse.

But most home users shouldn’t be too worried. The threat only really emerges when you have a software package installed which listens on a port for encrypted connections. The most profound impact will be felt in the enterprise world, where many use Windows as a web or FTP server, or to handle logins on their internal network.

Wasn’t There Something Similar For OS X Recently?

Good catch.

The implementation of SSL/TLS on Linux/OS X was found to contain a similar vulnerability just a few months ago. Dubbed ‘heartbleed’ Heartbleed – What Can You Do To Stay Safe? Heartbleed – What Can You Do To Stay Safe? Read More , it allowed attackers to retrieve private SSL keys by sending a specially crafted packet, thus making it possible to surreptitiously intercept network traffic. It even impacted mobile devices Heartbleed Isn't Just a Desktop Problem - Your Android Could Be A Risk Heartbleed Isn't Just a Desktop Problem - Your Android Could Be A Risk Most of us know Heartbleed as a bug that affected websites and web servers, but Android 4.1.1 also uses the vulnerable version of OpenSSL. This means some Android smartphone and tablets are vulnerable to Heartbleed... Read More .

According to Ars Technica, all major implementations of SSL/TLS across all platforms have seen a major vulnerability recently, including OpenSSL, GNUTLS and Apple’s SecureTransport.

However, Microsoft’s vulnerability is arguably more serious, and not just because of the arbitrary code facet.

But What About The XP Users?

Earlier this year, Microsoft discontinued offering security updates What The Windows XPocalypse Means For You What The Windows XPocalypse Means For You Microsoft is going to kill support for Windows XP in April 2014. This has serious consequences for both businesses and consumers. Here is what you should know if you are still running Windows XP. Read More for computers running Windows XP.

Consumers have been strongly advised to upgrade to a supported version of Windows, yet almost 17% of all computers connected to the internet still to this day run Windows XP. Although incredibly dated, many are sticking Microsoft Has Killed Windows XP... Now What? [We Ask You] Microsoft Has Killed Windows XP... Now What? [We Ask You] Microsoft ended support for the aged operating system; it's time we all moved on. But move on to what? Read More to their old, tried-and-tested XP machines. Some can’t move away from it even if they wanted to, due to compatibility issues in legacy software.

microsoft-xp

Microsoft has not tested this vulnerability against XP, and has not conclusively stated whether users of the aged operating system are at risk. However, Windows XP shares a number of packages and libraries in common with newer versions of Windows. Furthermore, Windows 2003 is known to be affected, which was released close to XP.

Either way, XP users should be especially wary of this vulnerability, but they certainly shouldn’t expect to see a patch any time soon.

How Can I Secure My Computer?

For those running a supported version of Windows, the fix is laughably easy.

Just run your security updates. Honestly, that’s it. Unlike HeartBleed, a patch has been issued at the same time of the vulnerability being disclosed. This is largely due to Microsoft’s well established engagement with the security community.

windows-secure

If you’re running Windows XP, there’s only really one option. Ditch it.

These types of security issues will only continue to crop up, and you will remain horribly insecure. If you want to move to a more modern version of Windows, it’s still possible to get a Windows 7 license quite easily Microsoft Retires Windows 7: This Is How You Can Still Get A Copy Microsoft Retires Windows 7: This Is How You Can Still Get A Copy Windows 7 Home and Ultimate editions have been retired. If you want to get a computer without Windows 8.1, your options are limited. We have compiled them for you. Read More , even though Microsoft has officially discontinued sales. If you want something even closer to the cutting edge, there’s always Windows 8/8.1 The Windows 8 Guide The Windows 8 Guide This Windows 8 guide outlines everything new about Windows 8, from the tablet-like start screen to the new "app" concept to the familiar desktop mode. Read More , which can even be made to look like Windows 7 How to Make Windows 8 or 8.1 Look Like Windows 7 or XP How to Make Windows 8 or 8.1 Look Like Windows 7 or XP Is Windows 8 too modern for your taste? Maybe you prefer a retro look. We show you how to resurrect the Start menu and install classic Windows themes on Windows 8. Read More with a bit of tweaking.

And if nothing else, Linux remains a pretty decent option. My colleague, Danny Steiben, has categorized the best Linux distributions The Best Linux Distributions For Windows XP Refugees The Best Linux Distributions For Windows XP Refugees Read More for Windows XP refugees, whilst Matt Smith thinks you should just get a Macbook Air Windows XP Refugees: Have You Considered A MacBook Air Yet? Windows XP Refugees: Have You Considered A MacBook Air Yet? Users of Windows XP (and, to a lesser extent, Windows Vista and 7) have an unhappy upgrade path ahead of them. Maybe it's time to ditch Windows entirely and pick up a MacBook Air instead. Read More . Whatever you choose, it’ll be significantly more secure than what you have now.

Get Secure

This bug is a doozy, don’t get me wrong. With that said, Microsoft should be commended for how they handled this serious issue. They were able to work with the security researchers who discovered the vulnerability, and were able to issue a patch in a timely manner. This patch you can, and should, install right now through your updates manager.

Do you have any thoughts on this vulnerability? Tell me about it. Comments section is below.

Photo Credits: Safety concept (Maksim Kabakou)Protection concept (Maksim Kabakou), https (Pavel Ignatov)Green hills, blue sky (Francesco R. Iacomino)

Leave a Reply

Your email address will not be published. Required fields are marked *