 |
 |
https://technet.microsoft.com/library/security/MS14-066 KB2992611 is a doosey this month, on par with Heartbleed. SCHANNEL is the Windows cryptographic provider that handles SSL/TLS sessions for things like Exchange and IIS, along with plenty of other things. It is vulnerable to a remote code execution attack that executes its payload with the system account, resulting in a total system compromise. If you have any web-facing servers accepting HTTPS sessions over IIS, get them patched as quickly as possible. Other protocols carried over SSL/TLS are also a possible vector but I suspect HTTPS is going to be the main method of attacking systems.