Story 2014-11-13 2V1G Microsoft vulnerability allows remote code execution via a malformed SSL packet

Microsoft vulnerability allows remote code execution via a malformed SSL packet

by
Anonymous Coward
in security on (#2V1G)
Microsoft has quietly patched a serious SSL (Secure Sockets Layer) bug that allows remote code to be executed on any system configured to accept SSL transactions. That is to say, essentially, every Windows system ever made.

The bug is being discussed on Pastebin, where it is being alleged that Microsoft has seriously understated the seriousness of this bug, potentially in an effort to downplay its use as a potential zero day. The same folks are making threats about what will happen if Microsoft doesn't get around to producing patches for legacy systems as well, given how prevalent SSL technology is in today's web browsing environment.
Reply 1 comments

Warning: Cannot modify header information - headers already sent by (output started at /var/www/pipedot.org/lib/tools/tools.php:2702) in /var/www/pipedot.org/lib/tools/tools.php on line 1524

Warning: Cannot modify header information - headers already sent by (output started at /var/www/pipedot.org/lib/tools/tools.php:2702) in /var/www/pipedot.org/lib/tools/tools.php on line 1533

Warning: Cannot modify header information - headers already sent by (output started at /var/www/pipedot.org/lib/tools/tools.php:2702) in /var/www/pipedot.org/include/common.php on line 80

Warning: Cannot modify header information - headers already sent by (output started at /var/www/pipedot.org/lib/tools/tools.php:2702) in /var/www/pipedot.org/include/common.php on line 82
Fatal Error - sql [select reason, count(reason) as reason_count, value from comment_vote where comment_id = ? group by reason order by reason_count desc] arg [93240] msg [SQLSTATE[42000]: Syntax error or access violation: 1055 Expression #3 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'pipedot.comment_vote.value' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by] - Pipedot
Fatal Error
sql [select reason, count(reason) as reason_count, value from comment_vote where comment_id = ? group by reason order by reason_count desc] arg [93240] msg [SQLSTATE[42000]: Syntax error or access violation: 1055 Expression #3 of SELECT list is not in GROUP BY clause and contains nonaggregated column 'pipedot.comment_vote.value' which is not functionally dependent on columns in GROUP BY clause; this is incompatible with sql_mode=only_full_group_by]