<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1678611822423757&amp;ev=PageView&amp;noscript=1">
Defrag This

| Read. Reflect. Reboot.

WinShock: Windows Secure Channel Vulnerability Update

Dave Juitt| November 19 2014

| security

Microsoft announced in their security bulletin for November that a vulnerability in SChannel could allow remote code execution, nicknamed WinShock (CVE-2014-6321). The Microsoft Secure Channel (Schannel) is the security package that implements SSL/TLS in all supported versions of Windows server and client operating systems. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server. It has an overall CVSS severity rating of HIGH with a exploitability rating of 1.   Winshock

Ipswitch immediately assessed all of its products as soon as we became aware of the vulnerability. Many Ipswitch products rely on Microsoft Windows Schannel security provider for secure communications. To protect against this vulnerability, it is recommended that all customers apply the November 2014 patches to all Windows servers and clients running Ipswitch products. The November patches also include other critical security fixes, including another remote code execution vulnerability (MS14-064), so please install all of the updates.

Please find specific instructions in this Ipswitch Knowledgebase article. As always it's recommended that you test updates and carefully monitor the production system after making any changes.

If you have additional questions, please contact your Ipswitch account manager or preferred reseller.

 

Topics: security

Leave a Reply

Your email address will not be published. Required fields are marked *

THIS POST WAS WRITTEN BY Dave Juitt

Free Trials

Getting started has never been easier. Download a trial today.

Download Free Trials

Contact Us

Let us know how we can help you. Focus on what matters. 

Send us a note

Subscribe to our Blog

Let’s stay in touch! Register to receive our blog updates.