This Patch Tuesday has been a pretty massive event with updates going out left and right, and numerous security problems getting fixed. Among those, Microsoft has finally fixed an issue that has reportedly been present since Windows 95.
The flaw was discovered by IBM researchers who worked with Microsoft on fixing it. And that’s a good thing too as it seems this was a serious vulnerability that could allow remote code execution on virtually all Windows machines.
The problem stems from Microsoft Secure Channel, used to securely transfer data, though it ultimately stems from SSL, the super popular protocol that seems to be quite unsafe.
Luckily there’s no evidence that this problem, dubbed WinShock, has been exploited in the wild until now. However with the patch coming out and more info being released publicly, older systems which are not up to date may be particularly vulnerable now, including machines running Windows Server.
The severity of the vulnerability has been graded a 9.3 out of a possible 10 on the Common Vulnerability Scoring System (CVSS), a measure of severity in computer security.
Update: As some of you have pointed out the source article mistook two different vulnerabilities here. The one talked in about in this article related to schanell is not the one that has been present since Windows 95. There's no clear info on when it first showed up.
The one present since Windows 95 is in relation to OLE and has also been patched by Microsoft in the latest round of updates.
Source: BBC
25 Comments - Add comment