Critical vulnerability in Microsoft's Schannel library allows remote code execution and denial-of-service attacks. Multiple Windows versions affected. Immediate action required.
Microsoft has issued critical security guidance for CVE-2018-0734, a severe vulnerability affecting the Schannel (Secure Channel) library across multiple Windows versions. This vulnerability could allow remote attackers to execute arbitrary code or cause denial-of-service conditions.
Affected products include:
- Windows 10 (Version 1709, 1803, 1809)
- Windows Server 2016, 2019
- Windows 8.1
- Windows RT 8.1
- Windows 7
- Windows Server 2008 R2, 2012, 2012 R2
The vulnerability carries a CVSS score of 9.3 (Critical), with a base vector of AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. This high severity rating indicates that no user interaction is required for exploitation and that successful exploitation could lead to complete system compromise.
Attackers could exploit this vulnerability by sending specially crafted TLS/SSL packets to a vulnerable system. Successful exploitation could result in remote code execution with system privileges, allowing attackers to install programs, view, change, or delete data, and create new accounts with full user rights.
Microsoft addressed this vulnerability in security updates released on May 8, 2018. Organizations running affected systems must apply these updates immediately to mitigate the risk.
Mitigation steps:
- Apply the latest security updates from Microsoft
- For systems that cannot be patched immediately, implement network-level filtering to block suspicious TLS/SSL traffic
- Monitor systems for unusual network activity or attempted exploitation
- Consider implementing application whitelisting to prevent unauthorized code execution
The Microsoft Security Response Center (MSRC) has published detailed guidance on this vulnerability. Additional information is available in the official security bulletin.
Organizations should also review their incident response procedures to ensure they can detect and respond to potential exploitation attempts. The vulnerability has been actively exploited in the wild since its discovery, making immediate patching critical.
For systems that cannot be patched immediately, Microsoft recommends implementing workarounds such as disabling the affected protocols or restricting network access to trusted sources only.
This vulnerability highlights the critical importance of maintaining timely security updates for all systems handling encrypted communications. Organizations should establish regular patch management processes to ensure vulnerabilities are addressed promptly.
Comments
Please log in or register to join the discussion