Trend Micro warns of SChannel bug

Vendor advises Windows users to immediately patch their systems

Tags: Microsoft CorporationTrend Micro Incorporated
  • E-Mail
Trend Micro warns of SChannel bug Windows SChannel is Microsoft's delivery platform to securely transfer data
By  Tom Paye Published  November 20, 2014

Trend Micro is advising Windows users to immediately patch their systems, following the revelation of another major flaw affecting SSL/TLS, this time in Microsoft Windows Security Channel (SChannel).

Windows SChannel is Microsoft's delivery platform to securely transfer data, but the new SSL/TLS vulnerability makes it potentially ‘wormable'. This would pose a threat to e-commerce and other critical web-based apps, Trend Micro said.

The bug, addressed in Microsoft Security Bulletin MS14-066, received a score of 10 out of 10 by the Common Vulnerability Scoring System (CVSS). Microsoft recently released a patch for it.

Based on the propensity for attacks following potential exploit announcements, Trend Micro recommended installing the patch, as well as using a vulnerability shielding product to provide protection while testing and deploying updates.

"Similar to the well-documented Heartbleed exploit, this is yet another example of a latent vulnerability that could have far-reaching effects," said J.D. Sherry, vice president of technology and solutions at Trend Micro.

"When news like this breaks, cyber-criminals go into hyper-drive, developing attacks to take advantage of the flaw. As such, it's important to quickly respond to avoid system disruption and compromise. We are urging our customers to make addressing this bug a top priority and we have provided resources accordingly to complement the latest Microsoft patches."

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code