Earlier this week, Microsoft announced a known vulnerability in their encryption “schannel” architecture that can potentially be exploited to allow remote code execution. This vulnerability affects all Windows operating systems and should be considered high-risk, requiring immediate action.
For the complete details from Microsoft regarding this security patch, please read this post from Microsoft’s TechNet: https://technet.microsoft.com/library/security/ms14-066
Along with the announcement on Tuesday, Microsoft released a fix for this problem on all currently support Windows operating systems. This patch needs to be installed on all systems, with the priority being any device that has internet facing services such as Web Servers, Exchange Servers, FTP Servers and PPTP Servers. Additionally, no fix will be released for anyone running Windows XP, as support for the product ran out on April 8th (more info on that here).
If you have any other questions, please don’t hesitate to contact us.
An article from BBC News can be found here: http://www.bbc.com/news/technology-30019976
The ZDnet story can be found here: http://www.zdnet.com/drop-what-youre-doing-and-patch-the-windows-schannel-bugs-now-7000035738/