Microsoft Security Bulletin MS14-066 - Critical

Update 2014-11-19 10:40 UTC+1

On November 18, Microsoft released a new version of its patch, KB 2992611. If you had already patched, the patch must be re-applied. It is available through Windows Update.


On November 11, 2014, Microsoft announced a critical security flaw in the Schannel package in bulletin MS14-066. The flaw is tracked as CVE-2014-6321.

Secure Channel (Schannel) is a package dedicated to security within Windows that implements support for the SSL and TLS protocols. These protocols are used to establish secure communications, particularly in web browsing.

What does it allow?

The flaw would allow remote code execution if a malicious party sent specially crafted packets to a Windows server.

Since when does it exist?

The flaw is present in all of the following versions of Windows:

  • Windows Server 2003
    • Windows Server 2003 Service Pack 2
    • Windows Server 2003 x64 Edition Service Pack 2
    • Windows Server 2003 with SP2 for Itanium-based Systems
  • Windows Vista
    • Windows Vista Service Pack 2
    • Windows Vista x64 Edition Service Pack 2
  • Windows Server 2008
    • Windows Server 2008 for 32-bit Systems Service Pack 2
    • Windows Server 2008 for x64-based Systems Service Pack 2
    • Windows Server 2008 for Itanium-based Systems Service Pack 2
  • Windows 7
    • Windows 7 for 32-bit Systems Service Pack 1
    • Windows 7 for x64-based Systems Service Pack 1
  • Windows Server 2008 R2
    • Windows Server 2008 R2 for x64-based Systems Service Pack 1
    • Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
  • Windows 8 and Windows 8.1
    • Windows 8 for 32-bit Systems
    • Windows 8 for x64-based Systems
    • Windows 8.1 for 32-bit Systems
    • Windows 8.1 for x64-based Systems
  • Windows Server 2012 and Windows Server 2012 R2
    • Windows Server 2012
    • Windows Server 2012 R2
  • Windows RT and Windows RT 8.1
    • Windows RT
    • Windows RT 8.1
  • Server Core installation option
    • Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation)
    • Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation)
    • Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
    • Windows Server 2012 (Server Core installation)
    • Windows Server 2012 R2 (Server Core installation)

How to fix it?

Update Windows. The patch has been released and should appear in the list of updates available via Windows Update. More information about the patch is available here: KB 2992611. You will be asked to restart the server to complete the installation of this update.

We recommend performing all your backups before starting the operation. In some cases, applying this patch has caused side effects on connectivity. If this happens, you will have to revert to the state before the patch was applied and review your configuration, particularly your SSL certificates.
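To find servers that still need the patch, or that received it before the November 18 re-release mentioned in the update note, the install record for KB 2992611 can be checked from an administration workstation. The script below is an added example, not part of the original advisory; the `$Computers` host list and the state names are assumptions made for illustration.

```powershell
# Added example, not from the original advisory.
$KbId       = 'KB2992611'
$Rereleased = [datetime]'2014-11-18'   # re-release date given in the advisory's update note
$Computers  = @($env:COMPUTERNAME)     # assumption: replace with your own host list

foreach ($computer in $Computers) {
    $state = 'Unknown'
    $installedOn = $null
    try {
        # List every hotfix so that an unreachable host (exception) is not
        # confused with a reachable host where the KB is absent (empty result).
        $hit = @(Get-HotFix -ComputerName $computer -ErrorAction Stop |
                 Where-Object { $_.HotFixID -eq $KbId })

        if ($hit.Count -eq 0) {
            $state = 'Missing'
        } else {
            # InstalledOn can be empty on some systems; keep the latest known date.
            $installedOn = ($hit | Where-Object { $_.InstalledOn } |
                            Sort-Object InstalledOn |
                            Select-Object -Last 1).InstalledOn

            if (-not $installedOn) {
                $state = 'InstalledDateUnknown'
            } elseif ($installedOn.Date -lt $Rereleased) {
                $state = 'ReapplyNeeded'            # patched before the re-release
            } elseif ($installedOn.Date -eq $Rereleased) {
                $state = 'VerifyManually'           # same day: cannot tell which version
            } else {
                $state = 'InstalledAfterRerelease'
            }
        }
    } catch {
        $state = "QueryFailed: $($_.Exception.Message)"
    }

    New-Object PSObject -Property @{
        Computer    = $computer
        KB          = $KbId
        InstalledOn = $installedOn
        State       = $state
    } | Select-Object Computer, KB, InstalledOn, State
}
```

The install date is only a proxy for which version of the patch is present, and `Get-HotFix` reports only what is recorded in `Win32_QuickFixEngineering`, so confirm any `Missing`, `VerifyManually` or `InstalledDateUnknown` result against the Windows Update history on the host.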


We remind you that it is recommended to regularly update your applications and services to guarantee their stability and security.

If you have a managed or shared service, please be aware that our teams are already doing what is necessary to apply the patch across our infrastructure.

