Old 16-11-2014, 22:22   #1
Qtx
Patch all those Windows boxes

Probably well known already, but on Tuesday Microsoft released two patches, among others, that fix nasty holes in Windows, all the way from Windows 95 to Windows 10. The SSL/TLS (Schannel) bug is worse than the recent Heartbleed bug as it gives full remote command execution without any interaction. The OLE bug could potentially be used in drive-by exploits from visiting a URL.

The patches have been reverse engineered and there is an unofficial Metasploit module to exploit this, but it's not 100% reliable yet. As the patches added some new ciphers too, a scanner looks for these new SSL options as a way to see if the box is patched. Not 100% foolproof either.

Home machines should already have the updates from Windows Update, but servers may need some special love and attention. Patch details are in the CVE links.

Some news stories about these bugs:

http://www.bbc.co.uk/news/technology-30019976
http://www.theregister.co.uk/2014/11...rary_megaflaw/

CVE-2014-6321

Quote:
Overview
Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability."

Impact Subscore: 10.0
Exploitability Subscore: 10.0
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

CVE-2014-6332

Quote:
Overview
OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."

Impact
Impact Subscore: 10.0
Exploitability Subscore: 8.6
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
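The cipher-based patch check mentioned in the post, as an added example (not code from the post or from the scanner it refers to): a ClientHello that offers only the new suites, and a classifier for the server's first reply record. The four suite names are the AES-GCM suites Microsoft listed for the Schannel update and do not appear in the post; the function names, verdict strings and sample records are constructed for illustration.

```python
import os
import struct

# The four AES-GCM suites the CVE-2014-6321 update added to Schannel (IANA ids).
NEW_SUITES = {
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0x009E: "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    0x009F: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
}
# Constructed sample replies (not captures): a ServerHello choosing 0x009E,
# and a fatal handshake_failure alert.
SAMPLE_HELLO = bytes.fromhex("160303002a" "02000026" "0303" + "00" * 32 + "00" "009e" "00")
SAMPLE_ALERT = bytes.fromhex("15030300020228")

def client_hello() -> bytes:
    """TLS 1.2 ClientHello that offers only NEW_SUITES, no extensions."""
    suites = b"".join(struct.pack("!H", s) for s in sorted(NEW_SUITES))
    body = (b"\x03\x03" + os.urandom(32) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_reply(record: bytes):
    """Return ('server_hello', suite) or ('alert', description)."""
    if len(record) < 5:
        raise ValueError("short TLS record")
    ctype, _version, length = struct.unpack("!BHH", record[:5])
    body = record[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated TLS record")
    if ctype == 21 and length >= 2:          # alert: level, description
        return ("alert", body[1])
    if ctype != 22 or length < 39 or body[0] != 2:
        raise ValueError("not a ServerHello or alert")
    pos = 4 + 2 + 32                          # handshake header, version, random
    pos += 1 + body[pos]                      # skip session_id
    if pos + 2 > length:
        raise ValueError("truncated ServerHello")
    return ("server_hello", struct.unpack("!H", body[pos:pos + 2])[0])

def classify(record: bytes) -> str:
    """Heuristic verdict for the reply to client_hello()."""
    kind, value = parse_reply(record)
    if kind == "server_hello" and value in NEW_SUITES:
        return "new suites offered: update likely installed"
    if kind == "alert" and value == 40:       # handshake_failure
        return "new suites refused: update possibly missing"
    return "inconclusive"
```

Cipher suites can also be disabled by configuration or hidden behind a TLS-terminating proxy, so the verdict is a hint to follow up with the host's installed-update list, in line with the post's "not 100% foolproof".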