Trend Micro warns of SChannel bug
Vendor advises Windows users to immediately patch their systems
Trend Micro is advising Windows users to immediately patch their systems, following the revelation of another major flaw affecting SSL/TLS, this time in Microsoft Windows Security Channel (SChannel).
Windows SChannel is Microsoft's delivery platform to securely transfer data, but the new SSL/TLS vulnerability makes it potentially ‘wormable'. This would pose a threat to e-commerce and other critical web-based apps, Trend Micro said.
The bug, addressed in Microsoft Security Bulletin MS14-066, received a score of 10 out of 10 by the Common Vulnerability Scoring System (CVSS). Microsoft recently released a patch for it.
Based on the propensity for attacks following potential exploit announcements, Trend Micro recommended installing the patch, as well as using a vulnerability shielding product to provide protection while testing and deploying updates.
"Similar to the well-documented Heartbleed exploit, this is yet another example of a latent vulnerability that could have far-reaching effects," said J.D. Sherry, vice president of technology and solutions at Trend Micro.
"When news like this breaks, cyber-criminals go into hyper-drive, developing attacks to take advantage of the flaw. As such, it's important to quickly respond to avoid system disruption and compromise. We are urging our customers to make addressing this bug a top priority and we have provided resources accordingly to complement the latest Microsoft patches."