Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

Microsoft releases patch for huge Windows vulnerability

Microsoft has issued a ‘critical patch’ for a potentially seriously vulnerability affecting multiple versions of Windows.

According to Microsoft, the so-called ‘Schannel Remote Code Execution Vulnerability’ could allow an attacker to remotely run any piece of code they wished on a user’s machine.

The issue is quite far ranging as the patch has been issued for users with machines running Windows Server 2003/2008/2012, Vista, 7, 8, 8.1 and Windows RT.

The company says server and workstation machines running an affected version of Schannel – which deals with encryption and authentication within Windows – are most at risk from the issue.

The good news right now is that Microsoft claims it is not aware of anyone taking advantage of the vulnerability.

Microsoft says there is no workaround or ways to prevent the attack. The only way for the security hole to be plugged is to download the patch from Windows Update at the earliest possible opportunity.

Explaining the problem, Microsoft wrote: “A remote code execution vulnerability exists in the Secure Channel (Schannel) security package due to the improper processing of specially crafted packets. Microsoft received information about this vulnerability through coordinated vulnerability disclosure.

“When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. The update addresses the vulnerability by correcting how Schannel sanitizes specially crafted packets.

Users can open the Windows Update portion of their operating system now in order to safeguard their servers.

The issue invokes memories of the Heartbleed OpeSLL vulnerability which forced internet users into changing their online passwords en masse earlier this year.

Read more: Windows 10 Technical Preview: First Impressions

The Next Web

Why trust our journalism?

Founded in 2003, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.