Critical Crypto Flaw in Microsoft SChannel Affects All Windows Software: Patch Your Systems ASAP! Don’t Wait Until It’s Exploited!

Microsoft Secure ChannelA few months ago Heartbleed, apparently named after a James Bond villain, was a security bug that made headlines even in major, non-tech focused publications. This well-known bug was a flaw in the OpenSSL cryptography library, which is a layer of security between your computer and the servers of many major online services. Hackers were able to exploit this flaw and extract sensitive information such as usernames and passwords for websites including Facebook, Gmail, Netflix, and WordPress.

Now another crypto flaw is making headlines. A security bulletin recently released by Microsoft warns service providers and IT administrators of a weakness in the Secure Channel (SChannel) provider that uses Secure Sockets Layer (SSL) and Transport Layer Security (TLS) authentication protocols to secure web browsing and communication with other servers.

Like Heartbleed, this SChannel bug allows hackers to access to sensitive information. While this flaw does affect every supported version of Windows and Windows Server software, Microsoft reminds users that so far no one has been attacked.

Server and workstation systems that are running an affected version of SChannel are primarily at risk,” the software juggernaut announced on Tuesday, November 11th. “An attacker could attempt to exploit this vulnerability by sending specially crafted packets to a Windows server. Microsoft has not received any information to indicate that this vulnerability has been publicly used to attack customers.”

While no attacks have been reported yet, the clock is ticking. Experts estimate it is only a matter of days before someone exploits this vulnerability. “My guess is that you probably have a week, maybe less, to patch your systems before an exploit is released,” wrote Johannes Ullrich, Ph.D. in a November 12th blog post on the Internet Storm Center blog.

Ullrich also advises service providers and IT administrators to take care while patching to protect themselves from future attacks using the SChannel bug. “Patching is only in part about speed,” Ullrich writes. “Don’t let speed get in the way of good operations and procedures. It is at least as important to patch in a controlled, verifiable and reproducible way. Anything else will leave you open to attack due to incomplete patching.”

Only one question remains: what cool name will the media come up with for the SChannel bug to meet the bar that Heartbleed set? Skulldrop? Cliffjump? Devilfinger? Only time will tell.

To learn more about the SChannel bug and other urgent technology news, contact LAN Infotech immediately at (954) 717-1990 or send us an email at

Fort Lauderdale Computer Networks
Network Services in Fort Lauderdale
Network Consulting in Fort Lauderdale
Fort Lauderdale Data Backup
Data Security Fort Lauderdale
Client Feedback

“LAN Infotech has been an exceptional resource for our organization. They provide consistent knowledgeable network engineers, round the clock monitoring and are invaluable in our IT infrastructure decision-making process. Their level of customer service has been top-notch and exceeds our expectations – we look forward to a continued partnership with LAN Infotech.”

—Janice M. Pennington
Vice-President of Finance & Administration
National Multiple Sclerosis
Society South Florida Chapter
read more»

Featured IT Services Fort Lauderdale Articles

LAN Infotech Recognized as Leading Microsoft Marketing Partner Worldwide

The team of IT specialists from LAN Infotech are thrilled to announce that they have been recognized on Fifty-Five and Five’s Inbound Marketing Excellence Report as one of the top 250 Microsoft mark

Read more

Featured IT Services

IT Consulting Advice for Fort Lauderdale: Taking Care of Your Employees Is Taking Care of Your Business!

Quid Pro Quo An IT consulting firm in Fort Lauderdale will usually advise that you get what you give. This is the core principle which defines most working relationships. The employer gives the em

Read more

Featured IT Services

IT Services Business Advice: Do You Really Need a Management Consultant in Fort Lauderdale?

Eliminate the Middleman IT services in Fort Lauderdale need not cost an arm and a leg to provide services your own organization could source internally. You want a consultation agency willing to he

Read more

Featured IT Services