Vulnerability Note VU#505120
Microsoft Secure Channel (Schannel) vulnerable to remote code execution via specially crafted packets
Original Release date: 13 Nov 2014 | Last revised: 17 Nov 2014

Overview
A critical vulnerability in Microsoft Windows systems could allow a remote attacker to execute arbitrary code via specially crafted network packets.

Description
Microsoft Secure Channel (Schannel) is a security package that provides SSL and TLS on Microsoft Windows platforms. Due to a flaw in Schannel (CVE-2014-6321), a remote attacker could execute arbitrary code on both client and server applications.
It may be possible for exploitation to occur without authentication and via unsolicited network traffic. According to Microsoft MS14-066, there are no known mitigations or workarounds.
Microsoft patches are typically reverse-engineered and exploits developed in a matter of days or weeks. An anonymous Pastebin user has threatened to publish an exploit on Friday, November 14, 2014. Immunity Inc. has developed a proof of concept exploit for their CANVAS tool.
ANEXIA has published a tool to test if a system is vulnerable.

Impact
This flaw allows a remote attacker to execute arbitrary code and fully compromise vulnerable systems.

Solution
Apply an update

Microsoft has released Security Bulletin MS14-066 to address this vulnerability in supported operating systems.

Vendor Information (Learn More)
Many versions of Microsoft Windows operating systems are confirmed vulnerable, including:

Microsoft Windows Vista, 7, 8, 8.1, RT, and RT 8.1
Microsoft Windows Server 2003, 2008, 2008 R2, 2012, and 2012 R2

Unsupported operating systems such as Microsoft Windows XP and 2000 may also be affected.

VendorStatusDate NotifiedDate UpdatedMicrosoft CorporationAffected-13 Nov 2014If you are a vendor and your product is affected, let
us know.

CVSS Metrics (Learn More)

Group
Score
Vector

Base
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal
8.3
E:F/RL:OF/RC:C

Environmental
9.0
CDP:MH/TD:H/CR:ND/IR:ND/AR:ND

References

https://technet.microsoft.com/library/security/MS14-066
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321
http://msdn.microsoft.com/en-us/library/windows/desktop/aa380123%28v=vs.85%29.aspx
http://adi.is/winshock.txt
http://pastebin.com/bsgX01dU
https://gist.github.com/hmoore-r7/3379af8b0419ddb0c76b
http://seclists.org/dailydave/2014/q4/32
https://github.com/anexia-it/winshock-test

Credit
This document was written by Joel Land.

Other Information

CVE IDs:
CVE-2014-6321

US-CERT Alert:
TA14-318A

Date Public:
11 Nov 2014

Date First Published:
13 Nov 2014

Date Last Updated:
17 Nov 2014

Document Revision:
26

FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email.

Leave a Reply