Microsoft vulnerability allows remote code execution via a malformed SSL packet

by
Anonymous Coward
in security on (#2V1G)
Microsoft has quietly patched a serious SSL (Secure Sockets Layer) bug that allows remote code to be executed on any system configured to accept SSL transactions. That is to say, essentially, every Windows system ever made.

The bug is being discussed on Pastebin, where it is being alleged that Microsoft has seriously understated the seriousness of this bug, potentially in an effort to downplay its use as a potential zero day. The same folks are making threats about what will happen if Microsoft doesn't get around to producing patches for legacy systems as well, given how prevalent SSL technology is in today's web browsing environment.

FYI (I got confused) (Score: 1)

by seriously@pipedot.org on 2014-11-13 14:36 (#2V1R)

For the record, this is about CVE-2014-6321 (aka MS14-066) , which is different from CVE-2014-6332 (aka MS14-064), both released last Patch Tuesday

I say this simply to avoid confusion, it seems that so far the news focused on CVE-2014-6332 (national news only talked about that one over here, especially the "19-year old bug" part) whereas CVE-2014-6321 went quite unnoticed.

http://m.theregister.co.uk/2014/11/12/driveby_unicorn_0day_beats_emet_affects_all_windows_versions
Post Comment
Subject
Comment
Captcha
What is Robert's name?