TA14-318A: Microsoft Secure Channel (Schannel) Vulnerability (CVE-2014-6321)

["US-CERT" <US-CERT () ncas us-cert gov>]

NCCIC / US-CERT

National Cyber Awareness System:

TA14-318A: Microsoft Secure Channel (Schannel) Vulnerability (CVE-2014-6321) [ 
https://www.us-cert.gov/ncas/alerts/TA14-318A ] 11/14/2014 10:32 AM EST 
Original release date: November 14, 2014

Systems Affected

  * Microsoft Windows Server 2003 SP2 
  * Microsoft Windows Vista SP2 
  * Microsoft Windows Server 2008 SP2 
  * Microsoft Windows Server 2008 R2 SP1 
  * Microsoft Windows 7 SP1 
  * Microsoft Windows 8 
  * Microsoft Windows 8.1 
  * Microsoft Windows Server 2012 
  * Microsoft Windows Server 2012 R2 
  * Microsoft Windows RT 
  * Microsoft Windows RT 8.1 

Microsoft Windows XP and 2000 may also be affected.

Overview

A critical vulnerability in Microsoft Windows systems could allow a remote attacker to execute arbitrary code via 
specially crafted network traffic.[1] [ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321 ]

Description

Microsoft Secure Channel (Schannel) is a security package that provides SSL and TLS on Microsoft Windows platforms.[2 [ 
https://technet.microsoft.com/library/security/MS14-066 ], 3 [ 
http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx ]] Due to a flaw in Schannel, a 
remote attacker could execute arbitrary code on both client and server applications.[1] [ 
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321 ]

It may be possible for exploitation to occur without authentication and via unsolicited network traffic. According to 
Microsoft MS14-066, there are no known mitigations or workarounds.[2] [ 
https://technet.microsoft.com/library/security/MS14-066 ]

Microsoft patches are typically reverse-engineered and exploits developed in a matter of days or weeks.[4] [ 
http://www.reddit.com/r/netsec/comments/2m1alz/microsoft_security_bulletin_ms14066/ ] An anonymous Pastebin user has 
threatened to publish an exploit on Friday, November 14, 2014.[5] [ http://pastebin.com/bsgX01dU ]

Impact

This flaw allows a remote attacker to execute arbitrary code and fully compromise vulnerable systems.[6] [ 
http://adi.is/winshock.txt ]

Solution

Microsoft has released Security Bulletin MS14-066 to address this vulnerability in supported operating systems.[2] [ 
https://technet.microsoft.com/library/security/MS14-066 ]

References

  * [1] NIST Vulnerability Summary for CVE-2014-6321 [ http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321 ] 
  * [2] Microsoft Security Bulletin MS14-066 - Critical  [ https://technet.microsoft.com/library/security/MS14-066 ] 
  * [3] Microsoft, Secure Channel [ http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx 
] 
  * [4] Reddit, Microsoft Security Bulletin MS14-066  [ 
http://www.reddit.com/r/netsec/comments/2m1alz/microsoft_security_bulletin_ms14066/ ] 
  * [5] Pastebin, SChannelShenanigans [ http://pastebin.com/bsgX01dU ] 
  * [6] Winshock.txt [ http://adi.is/winshock.txt ] 

Revision History

  * November 14, 2014: Initial Release 
________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ] 

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]