This was discussed pretty much all week on the SANS Internet Storm Center "Daily Stormcast" podcast.

Handler Diaries -
https://isc.sans.edu/diary/How+bad+is+the+SCHANNEL+vulnerability+%28CVE-2014-6321%29+patched+in+MS14-066%3F/18947
&
https://isc.sans.edu/diary/SChannel+Update+and+Experimental+Vulnerability+Scanner+%28MS14-066%29/18953

Especially if running Net-visible Windows servers -- e.g. ASPX Windows servers -- this *is* urgent.
2nd priority, laptops. Unclear which services a non-server might be vulnerable with to intRAnet attack, so patch them too.

/b

On Sat, Nov 15, 2014 at 12:32 AM, Stephen Ronan <sro...@panix.com> wrote:
>
> November 14:
> "This flaw allows a remote attacker to execute arbitrary code and
> fully compromise vulnerable systems"
> https://www.us-cert.gov/ncas/alerts/TA14-318A
>
> This is what my ISP has to say about it.
>
> =========================================
> "Extremely serious Windows security vulnerability (alexis) Fri Nov 14
> 19:07:51 2014
>
> We don't usually post warnings about security issues in Windows, but this
> one is so severely dangerous that it deserves a special mention, because it
> applies to every Windows version since 2000, and it does not require any
> user behavior - you just have to be on the Internet. If you have Windows
> machines, either clients or servers, we advise you to *urgently* drop
> whatever you're doing and get them patched. Don't wait for your next
> maintenance window (if you have a schedule).
>
> The US CERT advisory for this vulnerability is:
> https://www.us-cert.gov/ncas/alerts/TA14-318A
> The last two references listed provide some good insight on this.
>
> If you thought "heartbleed" and "shellshock" were bad... this is worse.
> Much much worse."
>
> =================================================
> _______________________________________________
> Discuss mailing list
> Discuss@blu.org
> http://lists.blu.org/mailman/listinfo/discuss

--
Bill Ricker
bill.n1...@gmail.com
https://www.linkedin.com/in/n1vux