Microsoft released security bulletin MS14-066 “Vulnerability in Schannel Could Allow Remote Code Execution (2992611),” for November’s Patch Tuesday.
MS14-066 is a critical vulnerability in the Microsoft Secure Channel (Schannel) security package that allows specially crafted packets to compromise the machine. This affects all Windows servers and clients. Microsoft indicates that there are no workarounds or mitigations.
Please run the Windows update as soon as possible for all your Windows machines, servers and clients.
What is Schannel?
Secure Channel, also known as Schannel, is a security support provider (SSP) that contains a set of security protocols that provide identity authentication and secure, private communication through encryption. Schannel is primarily used for Internet applications that require secure Hypertext Transfer Protocol (HTTP) communications.
For more information:
The inaugural issue offers tips on creating stronger passwords.
The newsletters will be published by the chief information security officers for UA, UAB, UAB Medicine and UAHuntsville, working in conjuction with the UA System Office of Risk Management and the director of IT Audit. The monthly newsletters are designed to help each campus' users to avoid IT errors.
An archive of the IT Risk Bulletin is available here.