Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Is MS14-066 the Windows Shellshock?

The latest Patch Tuesday from Microsoft (November 11, 2014) includes fixes for some major vulnerabilities, including remote code execution bugs affecting core Windows components and Internet Explorer. The three major bulletins of note are MS14-064, MS14-065 and MS14-066, all of which have a CVSS score of above 9.0.

MS14-064 patches a bug in the Windows Object Linking and Embedding (OLE) library which appears to be a continuation of vulnerabilities disclosed last month in MS14-060 (aka Sandworm). Researchers have already seen this vulnerability used in the wild for exploitation through the use of malicious PowerPoint files. On the other hand, MS14-065 is a cumulative update that fixes 17 Internet Explorer bugs, including one major vulnerability that would enable an attacker to run code on a target system if the user was encouraged to view a crafted webpage using Internet Explorer.

This week is a good time to do a full credentialed scan

However, MS14-066 is more troublesome, since it’s a remote code execution vulnerability affecting all supported versions of Windows including the Server platforms. This bug was discovered in Schannel, a set of security protocols for communication and identity authentication. This vulnerability is of particular concern because an attacker could utilise it without user interaction. No proof of concept code has surfaced at this time, thanks to Microsoft being tight-lipped on the exact details of the vulnerability. But it won’t be long until proof of concept code does show up, which could be disastrous for any administrator who hasn’t updated Windows.

Is MS14-066, dubbed "WinShock," as bad as Shellshock and Heartbleed? At the moment, due to the lack of details and proof of concept code, it’s hard to say. But a remote code execution vulnerability affecting all versions of Windows Server on a common component like Schannel has the possibility of ranking right up there with the other major vulnerabilities of 2014.

As usual, with any “Bug Du Jour,” Tenable customers should use Nessus and SecurityCenter to identify hosts that are affected and patch accordingly. Plugins for both Nessus and SecurityCenter have been updated to detect if the patches for MS14-064, MS14-065 and MS14-066 are missing on affected hosts. The plugins also check for the 9 other updates released on Patch Tuesday 11/11/14.

This week is a good time to do a full credentialed scan of all the Windows and OS X assets on your network, since we’ve also seen major patches released by Adobe to address critical flaws in Flash and Air, and Google to fix critical vulnerabilities in Chrome.

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets
Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save