Trend Micro Raises Awareness about Microsoft Windows SChannel Vulnerability

Trend Micro Raises Awareness about Microsoft Windows SChannel Vulnerability

Versions dating back to Windows ‘95 susceptible

SINGAPORE – 14 November 2014 – With the revelation of a nearly two-decade old flaw in Microsoft Windows Secure Channel (SChannel), Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leaderin security software and solutions, is recommending to Windows users that they immediately patch their systems to avoid being compromised. Windows SChannel is Microsoft’s delivery platform to securely transfer data and this potential exploit presents a “wormable” situation that could enable attackers to commandeer a system without user interaction.

Christened “Winshock,” the bug received a score of 9.3 out of 10 by the Common Vulnerability Scoring System (CVSS). Based on this classification, and the propensity for attacks following potential exploit announcements, Trend Micro’s Deep SecurityTM solution provides protection to combat this vulnerability.

In addition, Microsoft released a patch on Tuesday.

“Similar to the well-documented Heartbleed exploit, this is yet another example of a latent vulnerability that could have far-reaching effects,” said JD Sherry, vice president, technology and solutions, Trend Micro. “When news like this breaks, cyber criminals go into hyperdrive developing attacks to take advantage of the flaw. As such, it’s important to quickly respond to avoid system disruption and compromise. We are urging our customers to make addressing this bug a top priority and we have provided resources accordingly to complement the latest Microsoft patches.”

Trend Micro experts recommend the following action:

 Install Microsoft patches immediately

 Use a browser other than Internet Explorer to reduce risks

 Employ newer versions of Windows platforms, supported by Microsoft

Trend Micro Deep Security is equipped to protect enterprises against these types of attacks with rule
DSRU14-035 covering the CVE-2014-6332 vulnerability.

Blog posts are also available for additional information to help enterprises address this issue, as well as a technical version dissecting the vulnerability in detail.

For the LATEST tech updates,
FOLLOW us on our Twitter
LIKE us on our FaceBook
SUBSCRIBE to us on our YouTube Channel!
    Blogger Comment
    Facebook Comment