Microsoft releases patch for an extremely critical Windows vulnerability, download it now

Himanshu Arora

Staff

Microsoft has issued a critical patch, dubbed MS14-066, via Windows Update that aims to fix a security vulnerability which could be as scary as the infamous Heartbleed bug that surfaced earlier this year. The flaw affects almost every modern version of the Windows operating system, including Windows Server 2003/2008/2012, Vista, 7, 8, 8.1 and Windows RT.

Microsoft hasn't provided many details on the vulnerability, except that it is in the company's Secure Channel (Schannel) security package, which is responsible for handling encryption and authentication in Windows, particularly for HTTP applications, and that it allows remote code execution via specially crafted packets sent to a Windows server.

Simply put, if an attacker modified packets in a particular way and used them to attack your machine, they may be able to execute whatever code they like remotely without any authorization. The attack apparently only affects those running a server on affected platforms.

Microsoft says it hasn't been able to identify any workarounds or mitigation factors for the vulnerability, which means that the patch is the only solution.

Although Microsoft didn't mention whether the vulnerability has been exploited in the wild, it's still strongly advisable to grab the patch, get it installed, and fix the problem before it rears its ugly head. Head here to download, just choose your Windows version.


 
The attack apparently only affects those running a server on affected platforms.
Since the biggest majority of us do not run servers, the patch for this vulnerability is irrelevant to the majority?
 
It mentions Windows 7, 8, and 8.1 not just server operating systems.
 
The attack apparently only affects those running a server on affected platforms.
Since the biggest majority of us do not run servers, the patch for this vulnerability is irrelevant to the majority?
True, those running IIS with web/FTP sites that run over SSL will require this patch. I have already started to patch our company servers.
 
The attack apparently only affects those running a server on affected platforms.
Since the biggest majority of us do not run servers, the patch for this vulnerability is irrelevant to the majority?
Agreed. This article seems to blow this out of proportion, that or it doesn't describe the issue in a way that makes it seem relevant to me.
 
Wow, please read the article before posting. I know it's early but damn.
And what makes you think I didn't?

Can you explain the sentence I quoted, and tell me why this vulnerability would affect me as a Windows 7 user that does not utilize server software?
 
The attack apparently only affects those running a server on affected platforms.
Since the biggest majority of us do not run servers, the patch for this vulnerability is irrelevant to the majority?

Wow, please read the article before posting. I know it's early but damn.

It's clear, those using server instances of Windows, whether they are in 7, 8 or whatever.

Since most of us don't use server services (lol) most of us are unaffected by this. It's clear.

What about XP, will they be patching that?
Since Win XP support has ended April 8th, I don't think they'll even think about fixing it for it except for companies paying a premium to have these patches.

Good lord please read, they never mention Windows XP, and to clear it even more they talk about "MODERN VERSIONS OF WINDOWS". XP is under no definition modern.
 
I did read, and all the other articles about this say it's a 19 year old bug affecting everything since Windows 95, see PC World or anywhere else really.
 
Since Microsoft stopped updating Windows XP in April they probably won't be putting out an update for it to unsupported users.
 
I did read, and all the other articles about this say it's a 19 year old bug affecting everything since Windows 95, see PC World or anywhere else really.

Well if this is the case, I would be amazed if you had an XP machine as a server.

Since Microsoft stopped updating Windows XP in April they probably won't be putting out an update for it to unsupported users.

You mean since they cut support for XP they probably won't update it?? It's more like THEY WON'T, there is no probably in the middle, that's the whole deal in stopping support for a product.
 