WinShock PoC clocked: But DON'T PANIC... It's no Heartbleed

SChannel exploit opens an easily closed door

Don't Panic towel

Security researchers have released a proof-of-concept exploit against the SChannel crypto library flaw patched by Microsoft last week.

The release of a PoC for the MS14-066 vulnerability through the Canvas tool from Immunity Inc underlines the need to patch.

The flaw opens the door to remote code execution on unpatched servers. Windows Server 2012, Windows Server 2008 R2 and Windows Server 2003 are all vulnerable to the critical flaw, as are workstations.

Microsoft admits that exploitation of the SChannel security flaw is more likely than not. "An attacker could attempt to exploit this vulnerability by sending specially crafted packets to a Windows server," Redmond warned. "An attacker who successfully exploited this vulnerability could run arbitrary code on a target server."

The SChannel flaw is comparable to the infamous Heartbleed vulnerability in OpenSSL An analysis of SChannel by Rapid7 concludes that the SChannel flaw – dubbed WinShock by some – isn't anywhere near as toxic as Heartbleed or other megavulns that have shook the interwebs this year such as Poodle, Sandworm, etc.

"Details surrounding the vulnerability are vague, but Microsoft has indicated that there are no known exploits in the wild and the development of exploit code will be challenging," Josh Feinblum, vice president of information security at Rapid7. "This vulnerability is reported to affect all Windows servers and clients, and while it’s unlikely to be exploited in the immediate future, it should be patched as soon as possible given the possibility of remote code execution."

SChannel is more difficult to exploit and easier to patch than Heartbleed, Feinblum concludes in a blog post.

A video showing a MS14-066 PoC up against Win 7 can be found here. A Video of a similar inert exploit, also put together by Immunity, against default IIS7 HTTPS can be found here.

"This vulnerability poses serious theoretical risk to organizations and should be patched as soon as possible, but it does not have the same release-time impact as many of the other recently highly publicised vulnerabilities.

"Heartbleed, Bashbug, Sandworm, and POODLE are all security risks that were being actively exploited in the wild upon their publication, and exploitation was relatively trivial." ®

Sponsored: Boost business agility and insight with flash storage for analytics