Maria Varmazis

WinShock (CVE-2014-6321) - what is it & how to remediate - Whiteboard Wednesday [VIDEO]

Blog Post created by Maria Varmazis Employee on Nov 13, 2014

winshock.pngThis month's Patch Tuesday disclosed vulnerability CVE-2014-6321, dubbed by some as "WinShock," and it's getting some major attention. Our Security Engineer Justin Pagano gives a rundown of this vulnerability with the information we have today—what it is, what it affects, and how you can best remediate it—in this Special Edition of Whiteboard Wednesday.*


Whiteboard Wednesday video: WinShock - What is it? How to remediate?


More information

Our VP of Information Security, Josh Feinblum (@TheCustos), wrote an extensive blog post yesterday on MS14-066 and WinShock specifically, especially regarding how it compares to Heartbleed and ShellShock. I highly recommend reading it if you haven't yet: SChannel and MS14-066, another Red Alert?


We know that CVE-2014-6321 is a remote code execution vulnerability that affects SChannel, and while it does have some potentially nasty exploit capabilities, compared to some previous high-profile vulnerabilities (like Heartbleed, ShellShock, etc), it looks like WinShock may be easier to remediate—Microsoft has already released an initial patch (KB2992.611). That said, we are still learning more about this vulnerability and we expect we will have more developments in the coming days and weeks.


As always, if you have any comments, questions, or suggestions about this or any other of our Whiteboard Wednesdays, Tweet them to @rapid7 or use the hashtag #rapid7WbW -- or of course, drop us a comment right here in the community.




*So special, we released it on a Thursday.