Bug in ssl implementation Windows allows attacker to execute code
All recent versions of Windows contain a serious bug in the SSL/TLS software, Microsoft has announced. The bug allows an attacker to run their own code by sending prepared packets to a server.
Servers running on Windows are therefore most at risk for the vulnerability, but the vulnerability can also affect desktops and laptops. This is possible if they run software that listens on a port, for example an ftp server or the web interface of a torrent client.
Microsoft has released few details about the bug, other than allowing the attacker to run their own code by sending prepared packages to a server. It is not clear with which rights an attacker can execute own code. It may depend on the permissions of the process to which the packets are sent. If an attacker doesn’t have administrative privileges, he could get it using another vulnerability.
Microsoft rolled out a patch for the bug on its traditional patch round on the second Tuesday of the month. According to the software giant, there are no indications that the bug has been exploited in practice. A security researcher discovered the vulnerability. Now that the vulnerability has been made public, there is a good chance that attackers will try to abuse it.
Microsoft’s ssl/tls implementation, Schannel, is the latest major ssl/tls implementation to suffer from a vulnerability this year. Previously, Apple’s implementation suffered from the goto fail bug, through which the content of SSL traffic could be viewed, and the internal memory of a web server could be read via the Heartbleed bug in OpenSSL. Chrome and Firefox also accepted fake SSL certificates, while GnuTLS was leaked twice this year.