Vector
Vector

Choose a topic

What resources are you looking for?

Webinar
Automate & Centralize Data Privacy | SureCloud Webinar

Automate & centralize data privacy processes with SureCloud's Aurora platform. Learn how to you build and maintain trust and prove compliance.

Data Privacy
Webinar
Transform Third-Party Risk Management with Aurora | SureCloud Webinar

Transform your third-party risk management with SureCloud's Aurora platform. Access the on-demand webinar to learn how to mitigate risks and stay compliant effectively

Third-Party Risk
Webinar
Selecting the Right TPRM Tool | Webinar Insights

Learn how to choose the perfect TPRM tool for managing third-party suppliers in this webinar by SureCloud experts. Watch now

Third-Party Risk
Template
Governance, Risk & Compliance RFP Template

In the process of analysing potential GRC tools? This handy request for proposal (RFP) template will help you make your final decision.

GRC
Template
Compliance Management Software RFP Template

In the process of analysing potential compliance management tools? This handy request for proposal (RFP) template will help you make your final decision.

Compliance
Template
Data Privacy Software RFP Template

In the process of analysing potential data privacy tools? This handy request for proposal (RFP) template will help you make your final decision.

Compliance
Template
Third-Party Risk Management Software RFP Template

In the process of analysing potential third-party risk tools? This handy request for proposal (RFP) template will help you make your final decision.

Third-Party Risk
Template
IT Risk Management Software RFP Template

In the process of analyzing potential IT risk management tools? This handy request for proposal (RFP) template will help you make your final decision.

Compliance
Template
Internal Audit Software RFP Template

In the process of analysing potential internal audit tools? This handy request for proposal (RFP) template will help you make your final decision.

Internal Audit
Cybersecurity

WinShock: The Microsoft SChannel vulnerability

WinShock: The Microsoft SChannel vulnerability
Written by

SureCloud

Published on

14 Jun 2024

WinShock: The Microsoft SChannel vulnerability

 
 

On the 11th November 2014, Microsoft revealed the existence of a critical vulnerability residing in all versions of their flagship operating system since Windows 95. The vulnerability lies within the Microsoft Secure Channel (SChannel) Security Support Provider (SSP) component, which allows the operating system to provide encrypted secure communications. This is particularly dangerous for Windows-based hosts that are exposing SSL/TLS services.

In concept, the flaw may allow an attacker to execute arbitrary code on a vulnerable server, and potentially take control of the machine. Whilst this attack has not been seen in the wild yet, and no public exploit code has been released so far, it’s possible – if not likely – that this will be the case in the near future. It’s time to get a head-start.

 

Could my organisation be vulnerable?

If your organisation uses systems with Windows operating systems, then it is highly likely that there are vulnerable machines on your network. Technically all versions from Windows 95 onwards are vulnerable until patched, which includes all currently supported versions. We strongly recommend resolving the issue as a matter of priority.

Currently this flaw is not being exploited in the wild. However, some proof-of-concept code has been seen already, and organisations should prepare for exploits to be made public in the near future.

 

How can we detect the issue?

Since we currently have very limited information as to how the vulnerability works, the best way to currently check for the presence of this flaw is to find out if the relevant MS14-066 patch has been applied or not.

The SureCloud platform has the capability to detect this missing patch via internal credentialed scans, available to those customers who have our internal on-demand scanning service. Look out for vulnerability 79127, namely “Vulnerability in Schannel Could Allow Remote Code Execution”. Before running your scan, ensure that your internal scanning appliance is configured to conduct credentialed/privileged scans. Please open a support ticket with us if you’re not sure.

 

What can we do to protect our organisation?

Apply the relevant patch from Microsoft: https://support.microsoft.com/kb/2992611

Public-facing servers should be the priority, although all machines should be patched.

 

Get in touch

Should you have any questions regarding this or any security matter, please do not hesitate to get in touch by opening a support ticket or emailing SureCloud Support.

 

References

https://technet.microsoft.com/library/security/MS14-066

https://support.microsoft.com/kb/2992611

https://www.bbc.co.uk/news/technology-30019976

 

 

Whilst every effort is made to ensure the accuracy and robustness of any information presented, it is not possible for SureCloud to test every possible scenario an organization may face, and SureCloud cannot be held liable for any loss or damage which may arise from taking action on any of the contents provided. SureCloud strongly advises that all recommendations, solutions and detection methods detailed, are thoroughly reviewed and tested in non-production environments before being considered suitable for production release, in-line with any existing internal change control procedures.