Microsoft has issued a patch to correct a critical vulnerability in its Microsoft Secure Channel or “Schannel” security package that could allow remote code execution on a Windows server or workstation.
According to a security bulletin posted by Microsoft on Tuesday, the security update resolves the vulnerability discovered by an IBM X-Force Researcher that could allow specially crafted packets to remotely execute code on Windows servers and systems running an affected version of Schannel.
Schannel plays the important function of encrypting traffic and transactions on most Windows platforms, and is the standard SSL library that ships with Windows. The new patch corrects how it sanitizes specially crafted packets, eliminating the vulnerability.
In a report from DataBreachToday.com, Trend Micro technology and solutions vice president JD Sherry said the newly discovered Windows vulnerability would most likely impact Microsoft Exchange mail servers where Microsoft protocols like Schannel are used to encrypt mail traffic. Brian Evans, senior managing consultant at IBM Security Services, said any SSL services reachable from the Internet such as Web and email servers would be likely targets.
Having found the vulnerability back in May 2014, IBM X-Force included coverage of the vulnerability with its network Intrusion Prevention System since reporting it. X-Force hasn’t found any evidence of exploitation of this particular bug in the wild, but Microsoft has stated that an exploit of the Schannel vulnerability is highly liable to be developed soon.