Microsoft Corporation (NASDAQ:MSFT) can face the problem like Heartbleed that makes use of Windows vulnerability and affects the machines. Heartbleed was a severe problem faced by the tech industry. It attacked the server and left it exposed to an attacker who can then get access to the private SSL keys. Microsoft has issued the patch via Windows Update to tackle the problem.
The patch
The patch here discussed is MS14-066. It is also termed as “Vulnerability in Schannel Can Permit Remote Code Execution.” The new found bug affects the all the versions of Windows Server whether it is 2003, 2008, 2012, Windows RT, Vista or others. Microsoft provided the details of the attack. It said that the bug can permit remote code execution in case attacker successfully transfers specially designed packets to Windows server.
A form of attack
The attacker can modify the packets in a pre-defined way to use the vulnerability of machine. They will have the flexibility to execute any code they wish remotely even without having an authorized account. However, it will have an impact on only those operating server that are working on affected platforms. The impact can be compared to the negative impact a hole can have in the Schannel library. It is the key layer responsible for authentication and encryption in Microsoft’s Windows. It is a protection layer especially for HTTP applications.
The good and the bad news
Microsoft said that the new bug can affect every process running on the latest version of Windows. Therefore, businesses will be forced to use the patch in a lot of machines. They have to make the necessary changes as soon as possible.
Also, the patch is the only way to mitigate the attack. The good news for the businesses is that as of now there is no evidence that the bug is spreading rapidly on the systems. Businesses can use the patch from Windows update so that they are prepared to fight with the bug at right time.
