WinShock: Windows Secure Channel Vulnerability Update from Ipswitch
Microsoft announced, in their November security bulletin, that a vulnerability in SChannel could allow remote code execution, nicknamed WinShock (CVE-2014-6321). The Microsoft Secure Channel (Schannel) is the security package that implements SSL/TLS in all supported versions of Windows server and client operating systems. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server. It has an overall CVSS severity rating of HIGH with a exploitability rating of 1.
Ipswitch have assessed all of their products for the vulnerability. Many Ipswitch products rely on Microsoft Windows Schannel security provider for secure communications. To protect against this vulnerability, it is recommended that all Ipswitch customers apply the November 2014 patches to all Windows servers and clients running Ipswitch products.
The November patches also include other critical security fixes, including another remote code execution vulnerability (MS14-064), so please install all of the updates.
Please find specific instructions in this Ipswitch Knowledgebase article. As always it’s recommended that you test updates and carefully monitor the production system after making any changes.
If you have additional questions, please contact your Pro2col account manager on 0333 123 1240.