Released to sew up the server hole left vulnerable to Shellshock, Microsoft's patch MS14-066 is causing transport layer security errors and prompting Microsoft to detail a workaround for applying the update.
Microsoft discovered the vulnerability in the Microsoft Secure Channel (SChannel) and proactively released MS14-066 to address the problem. Microsoft branded the patch as "critical," prompting Windows users the world over to jump on board. Secure Channel contains a set of security protocols that provide encrypted identity authentication and secure communication. The package is used by software using built-in SSL and TLS.
Microsoft recommended the patch for Windows Server 2003, Vista, Server 2008, 7, Server 2008 R2, 8, 8.1, Server 2012, Server 2012 R2, RT and RT 8.1.
The software company warned the exploit could be used to deploy remote code execution, but indicated it would take advanced coding and a good deal of time to make use of the exploit. MS14-066 was supposed to resolve the issue before hackers had the time to craft packets complex enough to leverage the exploit, but Microsoft's fumble afforded cyber criminals a bit more time.
"We are aware of an issue in certain configurations in which TLS 1.2 is enabled by default, and TLS negotiations may fail," stated Microsoft. "When this problem occurs, TLS 1.2 connections are dropped, processes hang (stop responding), or services become intermittently unresponsive."
Though Microsoft didn't revise the patch, it has detailed steps on correcting the TLS issue and recommends removing the following registry keys:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
For detailed steps on locating the troublesome registry entries, click here.
As for the gravity of the WinShock exploit, security experts seem to agree it isn't quite as dangerous as similar vulnerabilities like Heartbleed or Sandworm.
Rapid7's Josh Feinblum, vice president of information security, echo's Microsoft's stance in asserting organizations exposed to the likes of Bashbug, aka Shellshock, faced an imminent threat, while the recently discovered WinShock is a bit too infantile to facilitate any true dangers right now.
"Microsoft customers can take a deep breath before they dive head first into patching, but should make sure patching is treated at the highest priority given the potential risk if or when an exploit is successfully developed," states Feinblum.
Though it may be too soon to go into a panic of WinShock, another Windows vulnerability was discovered by hackers before Microsoft found out about it.
In late October, the group known as Sandworm was found to be launching spear-phishing attack against organizations in Western Europe and at an academic institution in the U.S. The exploit was believed to have been fully addressed by one of Microsoft's Patch Tuesday releases.
