Critical Crypto Flaw in Microsoft SChannel Affects All Windows Software: Patch Your Systems ASAP! Don’t Wait Until It’s Exploited!

Microsoft Secure ChannelA few months ago Heartbleed, apparently named after a James Bond villain, was a security bug that made headlines even in major, non-tech focused publications. This well-known bug was a flaw in the OpenSSL cryptography library, which is a layer of security between your computer and the servers of many major online services. Hackers were able to exploit this flaw and extract sensitive information such as usernames and passwords for websites including Facebook, Gmail, Netflix, and WordPress.

Now another crypto flaw is making headlines. A security bulletin recently released by Microsoft warns service providers and IT administrators of a weakness in the Secure Channel (SChannel) provider that uses Secure Sockets Layer (SSL) and Transport Layer Security (TLS) authentication protocols to secure web browsing and communication with other servers.

Like Heartbleed, this SChannel bug allows hackers to access to sensitive information. While this flaw does affect every supported version of Windows and Windows Server software, Microsoft reminds users that so far no one has been attacked.

Server and workstation systems that are running an affected version of SChannel are primarily at risk,” the software juggernaut announced on Tuesday, November 11th. “An attacker could attempt to exploit this vulnerability by sending specially crafted packets to a Windows server. Microsoft has not received any information to indicate that this vulnerability has been publicly used to attack customers.”

While no attacks have been reported yet, the clock is ticking. Experts estimate it is only a matter of days before someone exploits this vulnerability. “My guess is that you probably have a week, maybe less, to patch your systems before an exploit is released,” wrote Johannes Ullrich, Ph.D. in a November 12th blog post on the Internet Storm Center blog.

Ullrich also advises service providers and IT administrators to take care while patching to protect themselves from future attacks using the SChannel bug. “Patching is only in part about speed,” Ullrich writes. “Don’t let speed get in the way of good operations and procedures. It is at least as important to patch in a controlled, verifiable and reproducible way. Anything else will leave you open to attack due to incomplete patching.”

Only one question remains: what cool name will the media come up with for the SChannel bug to meet the bar that Heartbleed set? Skulldrop? Cliffjump? Devilfinger? Only time will tell.

To learn more about the SChannel bug and other urgent technology news, contact LAN Infotech immediately at (954) 717-1990 or send us an email at sales@laninfotech.com.

Fort Lauderdale Computer Networks
Network Services in Fort Lauderdale
Network Consulting in Fort Lauderdale
Fort Lauderdale Data Backup
Data Security Fort Lauderdale
 
Client Feedback

“We were having major problems with our email system. We reached out to the IT department of a trusted major law firm here in Miami who in turn recommended Lan Infotech and Michael Goldstein’s team of experts. I find everyone to be professional, knowledgeable and thorough. This gives me huge confidence that I am using a vendor I can trust and rely on.”

—Bart Garratt
HR & Tech. Coordinator
The Legal Aid Society
read more»

Featured IT Services Fort Lauderdale Articles

IT Consulting Advice for Fort Lauderdale: Taking Care of Your Employees Is Taking Care of Your Business!

Quid Pro Quo An IT consulting firm in Fort Lauderdale will usually advise that you get what you give. This is the core principle which defines most working relationships. The employer gives the em

Read more

Featured IT Services

IT Services Business Advice: Do You Really Need a Management Consultant in Fort Lauderdale?

Eliminate the Middleman IT services in Fort Lauderdale need not cost an arm and a leg to provide services your own organization could source internally. You want a consultation agency willing to he

Read more

Featured IT Services

Reasons Why IT Support in Fort Lauderdale is Necessary for Business Growth

IT support in Fort Lauderdale is turning out a necessity for most businesses. This can be pointed to the fact that embracing IT services helps to improve business productivity and efficiency. However,

Read more

Featured IT Services