WinShock hit headlines last week as the latest in a string of critical vulnerabilities, including Heartbleed and Shellshock, to leave users exposed to hackers. Like its Linux cousin Shellshock, WinShock is a coding error that exposes unpatched Windows servers and workstations to remote code execution. The flaw affects the following Microsoft systems:
- Microsoft Windows Vista, 7, 8, 8.1, RT and RT 8.1
- Microsoft Server 2003, Server 2008, Server 2008 R2, Server 2012, Server 2012 R2
Windows XP and 2000 users are likely also affected, but Microsoft no longer supports these platforms.
The vulnerability exists in the Microsoft Secure Channel, or Schannel. Schannel is designed to use cryptographic algorithms to protect data from being altered or read while that data is in transit between a Windows computer and another computer, and it is regularly in use in HTTPS during secure browsing. According to Microsoft, “an attacker could attempt to exploit this vulnerability by sending specially crafted packets to a Windows server,” which would allow an attacker who successfully exploits the vulnerability to “run arbitrary code on a target server.”
In short, this flaw allows a remote attacker to execute arbitrary code and fully compromise vulnerable systems.
How WinShock Could Affect You
Although Microsoft has stated that there are no known exploits for WinShock currently in the wild, it is only a matter of time before hackers figure out how to exploit this remote code execution bug. On November 17, a security research firm released a “proof of concept” exploit that demonstrates the vulnerability is indeed capable of exploitation. As it may be possible for exploitation to occur without authentication and/or via unsolicited network traffic, Microsoft has released Security Bulletin MS14-066 to address the vulnerability in supported operating systems. You can view the Bulletin here.
Your servers are considered vulnerable if they run one of the systems listed above and the security patch has not been installed.
As of November 17, 2014, all NetStandard Clarity Managed Services and Myappsanywhere environment customers are protected from WinShock. Our Data Center, colocation and Custom Cloud customers—those using unmanaged servers—will need to refer to the following references to assess their exposure and plan accordingly:
If you have questions about your vulnerability to WinShock, please feel free to contact your technology manager or contact us here.