Microsoft releases patch for huge Windows vulnerability

Microsoft has issued a ‘critical patch’ for a potentially seriously vulnerability affecting multiple versions of Windows.

According to Microsoft, the so-called ‘Schannel Remote Code Execution Vulnerability’ could allow an attacker to remotely run any piece of code they wished on a user’s machine.

The issue is quite far ranging as the patch has been issued for users with machines running Windows Server 2003/2008/2012, Vista, 7, 8, 8.1 and Windows RT.

The company says server and workstation machines running an affected version of Schannel – which deals with encryption and authentication within Windows – are most at risk from the issue.

The good news right now is that Microsoft claims it is not aware of anyone taking advantage of the vulnerability.

Microsoft says there is no workaround or ways to prevent the attack. The only way for the security hole to be plugged is to download the patch from Windows Update at the earliest possible opportunity.

Explaining the problem, Microsoft wrote: “A remote code execution vulnerability exists in the Secure Channel (Schannel) security package due to the improper processing of specially crafted packets. Microsoft received information about this vulnerability through coordinated vulnerability disclosure.

“When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. The update addresses the vulnerability by correcting how Schannel sanitizes specially crafted packets.

Users can open the Windows Update portion of their operating system now in order to safeguard their servers.

The issue invokes memories of the Heartbleed OpeSLL vulnerability which forced internet users into changing their online passwords en masse earlier this year.

Read more: Windows 10 Technical Preview: First Impressions

Via: The Next Web