Home / / Trend Micro warns of SChannel bug

Trend Micro warns of SChannel bug

Vendor advises Windows users to immediately patch their systems

Trend Micro warns of SChannel bug
Windows SChannel is Microsoft's delivery platform to securely transfer data

Trend Micro is advising Windows users to immediately patch their systems, following the revelation of another major flaw affecting SSL/TLS, this time in Microsoft Windows Security Channel (SChannel).

Windows SChannel is Microsoft's delivery platform to securely transfer data, but the new SSL/TLS vulnerability makes it potentially ‘wormable'. This would pose a threat to e-commerce and other critical web-based apps, Trend Micro said.

The bug, addressed in Microsoft Security Bulletin MS14-066, received a score of 10 out of 10 by the Common Vulnerability Scoring System (CVSS). Microsoft recently released a patch for it.

Based on the propensity for attacks following potential exploit announcements, Trend Micro recommended installing the patch, as well as using a vulnerability shielding product to provide protection while testing and deploying updates.

"Similar to the well-documented Heartbleed exploit, this is yet another example of a latent vulnerability that could have far-reaching effects," said J.D. Sherry, vice president of technology and solutions at Trend Micro.

"When news like this breaks, cyber-criminals go into hyper-drive, developing attacks to take advantage of the flaw. As such, it's important to quickly respond to avoid system disruption and compromise. We are urging our customers to make addressing this bug a top priority and we have provided resources accordingly to complement the latest Microsoft patches."

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.