CERTVU:505120Microsoft Secure Channel (Schannel) vulnerable to remote code execution via specially crafted packets
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%
Overview
A critical vulnerability in Microsoft Windows systems could allow a remote attacker to execute arbitrary code via specially crafted network packets.
Description
Microsoft Secure Channel (Schannel) is a security package that provides SSL and TLS on Microsoft Windows platforms. Due to a flaw in Schannel (CVE-2014-6321), a remote attacker could execute arbitrary code on both client and server applications.
It may be possible for exploitation to occur without authentication and via unsolicited network traffic. According to Microsoft MS14-066, there are no known mitigations or workarounds.
Microsoft patches are typically reverse-engineered and exploits developed in a matter of days or weeks. An anonymous Pastebin user has threatened to publish an exploit on Friday, November 14, 2014. Immunity Inc. has developed a proof of concept exploit for their CANVAS tool.
ANEXIA has published a tool to test if a system is vulnerable.
Impact
This flaw allows a remote attacker to execute arbitrary code and fully compromise vulnerable systems.
Solution
Apply an update
Microsoft has released Security Bulletin MS14-066 to address this vulnerability in supported operating systems.
Vendor Information
Many versions of Microsoft Windows operating systems are confirmed vulnerable, including:
* Microsoft Windows Vista, 7, 8, 8.1, RT, and RT 8.1
* Microsoft Windows Server 2003, 2008, 2008 R2, 2012, and 2012 R2
Unsupported operating systems such as Microsoft Windows XP and 2000 may also be affected.
505120
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Microsoft Corporation Affected
Updated: November 13, 2014
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Temporal | 8.3 | E:F/RL:OF/RC:C |
| Environmental | 9.0 | CDP:MH/TD:H/CR:ND/IR:ND/AR:ND |
References
- <https://technet.microsoft.com/library/security/MS14-066>
- <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321>
- <http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123(v=vs.85).aspx>
- <http://adi.is/winshock.txt>
- <http://pastebin.com/bsgX01dU>
- <https://gist.github.com/hmoore-r7/3379af8b0419ddb0c76b>
- <http://seclists.org/dailydave/2014/q4/32>
- <https://github.com/anexia-it/winshock-test>
Acknowledgements
This document was written by Joel Land.
Other Information
| CVE IDs: | CVE-2014-6321 |
|---|---|
| Date Public: | 2014-11-11 Date First Published: |
References
adi.is/winshock.txt
msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx
pastebin.com/bsgX01dU
seclists.org/dailydave/2014/q4/32
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321
gist.github.com/hmoore-r7/3379af8b0419ddb0c76b
github.com/anexia-it/winshock-test
technet.microsoft.com/library/security/MS14-066
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.9%