![\"NCCIC](\"https:\/\/public.govdelivery.com\/system\/images\/37745\/original\/BANNER_NCCIC_USC_01.png\")
<\/p>\n<\/p>\n
National Cyber Awareness System:<\/p>\n
<\/p>\n
Microsoft Windows XP and 2000 may also be affected.<\/p>\n
A critical vulnerability in Microsoft Windows systems could allow a remote attacker to execute arbitrary code via specially crafted network traffic.[1]<\/a><\/p>\n Microsoft Secure Channel (Schannel) is a security package that provides SSL and TLS on Microsoft Windows platforms.[2<\/a>, 3<\/a>] Due to a flaw in Schannel, a remote attacker could execute arbitrary code on both client and server applications.[1]<\/a><\/p>\n It may be possible for exploitation to occur without authentication and via unsolicited network traffic. According to Microsoft MS14-066, there are no known mitigations or workarounds.[2]<\/a><\/p>\n Microsoft patches are typically reverse-engineered and exploits developed in a matter of days or weeks.[4]<\/a> An anonymous Pastebin user has threatened to publish an exploit on Friday, November 14, 2014.[5]<\/a><\/p>\n This flaw allows a remote attacker to execute arbitrary code and fully compromise vulnerable systems.[6]<\/a><\/p>\n Microsoft has released Security Bulletin MS14-066 to address this vulnerability in supported operating systems.[2]<\/a><\/p>\n National Cyber Awareness System: TA14-318A: Microsoft Secure Channel (Schannel) Vulnerability (CVE-2014-6321) 11\/14\/2014 10:32 AM EST Original release date: November 14, 2014 Systems Affected Microsoft Windows Server 2003 SP2 Microsoft Windows Vista SP2 Microsoft Windows Server 2008 SP2 Microsoft Windows … Continue reading Description<\/h3>\n
Impact<\/h3>\n
Solution<\/h3>\n
References<\/h3>\n
\n
Revision History<\/h3>\n
\n