How Microsoft announced in all versions of Windows, discovered a potentially dangerous security hole. All its users, particularly those who provide any services network – websites or FTP servers – it is recommended to install the patch as soon as possible. Experts compare the threat of rediscovered in April Heartbleed security error .
Was detected gap is related to the way Windows compiles network connections. Its presence has been identified in the so-called. secure channel to Microsoft (Microsoft secure channel, schannel); ironically. He is responsible for the implementation of the system of secure sockets layer secure sockets layer (SSL) and transport layer security (transport layer security, TLS). Simply put, this means that if properly produce an attacker packages you want to send this error to an affected computer, it can use them to run arbitrary code on it.
The essence of this error makes its effects are felt most acutely network administrators of servers running different versions of Windows. And they need most urgently to think about installing the appropriate patch, even if their activities deal with półprofesjonalnie or hobby. This does not mean, however, that the grays users remain completely safe.
As told Ars Technica service marks of Amol Sarwat in the security company Qualys:
- If the [Windows users] have installed any software, listening to one of the network ports, the computer may be at risk. One example of this can be installed with the Windows 7 FTP server accepts connections from the outside.
Amendment of this error has been included in the latest update of the safety, prepared by Microsoft. It has been released at the same time when the information is disclosed to the public of the existence of error. To prevent an attack from its use enough so as soon as possible to go towards Windows Update and upgrade your system.
Microsoft also asserted that at the time of release of the amendment did not have any reason to believe that the problem has already been used by someone for evil. It should be noted, however, that the same was the case in April error detected Heartbleed. Then enough to just 12 hours after the public disclosure that the purpose of the attack fell even the largest pages and portals.
DG
No comments:
Post a Comment