Microsoft has released a critical update to patch a “privately reported” Microsoft Secure Channel (“Schannel”) vulnerability which affects all current versions of Windows and Windows Server. Says Microsoft, “This security update resolves a privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows.”
In an article covering the issue in some depth, Arstechnica explains “People operating Windows systems, particularly those who run websites, should immediately install a patch Microsoft released Tuesday morning.”
Here is the full Microsoft security bulletin, with a link to the bulletin and the patch below:
This security update resolves a privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server.
This security update is rated Critical for all supported releases of Microsoft Windows. For more information, see the Affected Software section.
The Internet Patrol is completely free, and we don't subject you to ads or annoying video pop-ups. But it does cost us out of our pocket to keep the site going (going on 20 years now!) So your tips via CashApp, Venmo, or Paypal are VERY appreciated! Receipts will come from ISIPP.
The security update addresses the vulnerability by correcting how Schannel sanitizes specially crafted packets. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability.
According to Microsoft, the issue affects:
Windows 8.1 Enterprise
Windows 8.1 Pro
Windows 8.1
Windows RT 8.1
Windows Server 2012 Datacenter
Windows Server 2012 Standard
Windows Server 2012 Essentials
Windows Server 2012 Foundation
Windows 8 Enterprise
Windows 8 Pro
Windows 8
Windows RT
Windows 7 Service Pack 1, when used with:
Windows 7 Ultimate
Windows 7 Enterprise
Windows 7 Professional
Windows 7 Home Premium
Windows 7 Home Basic
Windows 7 Starter
Windows Vista Service Pack 2, when used with:
Windows Vista Ultimate
Windows Vista Enterprise
Windows Vista Business
Windows Vista Home Premium
Windows Vista Home Basic
Windows Vista Starter
Windows Server 2012 R2 Datacenter
Windows Server 2012 R2 Standard
Windows Server 2012 R2 Essentials
Windows Server 2012 R2 Foundation
Windows Server 2008 R2 Service Pack 1, when used with:
Windows Server 2008 R2 Datacenter
Windows Server 2008 R2 Enterprise
Windows Server 2008 R2 Standard
Windows Web Server 2008 R2
Windows Server 2008 R2 Foundation
Windows Server 2008 Service Pack 2, when used with:
Windows Server 2008 Datacenter
Windows Server 2008 Enterprise
Windows Server 2008 Standard
Windows Web Server 2008
Windows Server 2008 Foundation
Windows Server 2008 for Itanium-Based Systems
Microsoft Windows Server 2003 Service Pack 2, when used with:
Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
Microsoft Windows Server 2003, Standard Edition (32-bit x86)
Microsoft Windows Server 2003, Web Edition
Microsoft Windows Server 2003, Datacenter x64 Edition
Microsoft Windows Server 2003, Enterprise x64 Edition
Microsoft Windows Server 2003, Standard x64 Edition
Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
Go here to get the patch for this Microsoft Windows security issue
The Internet Patrol is completely free, and we don't subject you to ads or annoying video pop-ups. But it does cost us out of our pocket to keep the site going (going on 20 years now!) So your tips via CashApp, Venmo, or Paypal are appreciated!
Receipts will come from ISIPP.
If you’re still using XP, as I am, note that Windows XP is *not* going to be patched.
Yes. I checked and I already have it.
will this be included in the regularly scheduled updates ?