Versions dating back to Windows ‘95 susceptible
With the revelation of a nearly two-decade old flaw in Microsoft Windows Secure Channel (SChannel), Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global leader in security software and solutions, is recommending to Windows users that they immediately patch their systems to avoid being compromised. Windows SChannel is Microsoft’s delivery platform to securely transfer data and this potential exploit presents a “wormable” situation that could enable attackers to commandeer a system without user interaction.
Christened “Winshock,” the bug received a score of 9.3 out of 10 by the Common Vulnerability Scoring System (CVSS). Based on this classification, and the propensity for attacks following potential exploit announcements, Trend Micro’s Deep Security™ solution provides protection to combat this vulnerability. In addition, Microsoft released a patch on Tuesday.
“Similar to the well-documented Heartbleed exploit, this is yet another example of a latent vulnerability that could have far-reaching effects,” said Dhanya Thakkar, Managing Director, India & SEA, Trend Micro. “When news like this breaks, cyber criminals go into hyperdrive developing attacks to take advantage of the flaw. As such, it’s important to quickly respond to avoid system disruption and compromise. We are urging our customers to make addressing this bug a top priority and we have provided resources accordingly to complement the latest Microsoft patches.”
Trend Micro experts recommend the following action:
- Install Microsoft patches immediately
- Use a browser other than Internet Explorer to reduce risks
- Employ newer versions of Windows platforms, supported by Microsoft
Trend Micro Deep Security is equipped to protect enterprises against these types of attacks with rule DSRU14-035 covering the CVE-2014-6332 vulnerability.