Wednesday, November 12, 2014

Microsoft quietly patches potentially dangerous Windows security hole

Microsoft released 14 regular security updates for Windows on Tuesday, but one in particular shines a light on a sizable critical vulnerability that affects most widely-used versions of the operating system, including Windows 7, 8, 8.1, Vista, RT and more.

The patch addresses a security hole in Schannel, Windows' secure channel used for security protocols like encrypted communication, particularly for Internet applications that use HTTP.

Microsoft puts it this way: Attackers could send "specially crafted" data packets to the Windows server you're running. By exploiting this vulnerability, they could execute code remotely and deliver something nasty to your computer. On its security bulletin, Microsoft said there are no mitigating factors or workarounds to lessen the blow of these attacks.

There hasn't been any indication that the vulnerability has been used to attack the general public, according to Microsoft. The patch mends the problem by altering the way Windows processes packets. Just in time, too — from the sounds of it, this could have been bad. Other than that, Microsoft doesn't provide much more information about the vulnerability.

The patch comes over on Windows Update, so it's best for Windows users to run the scheduled update as they get a chance.

No comments :

Post a Comment