View Full Version : Windows is vulnerable to web encryption attacks, too

November 13th, 2014, 22:11
http://o.aolcdn.com/hss/storage/midas/bdbdbce6c2fecc5a0b17380eeb329d1a/201078760/microsoft-logo-john-macdougall-afp-getty.jpg (http://www.engadget.com/2014/11/13/windows-schannel-security-flaw/)
Microsoft's software isn't immune to the rash of recent web encryption (http://www.engadget.com/2014/10/14/google-discovers-another-web-security-flaw-that-leaves-your-brow/) exploits (http://www.engadget.com/2014/04/09/how-to-avoid-heartbleed/), it seems. The company has discovered (and thankfully, patched (https://technet.microsoft.com/en-us/library/security/MS14-066)) a Windows flaw that lets hackers use the software's Secure Channel technology, which handles SSL and TLS encryption, to compromise PCs. If you're susceptible, you only have to visit a maliciously-coded website to trigger it; after that, thieves can swipe cryptographic keys and theoretically spy on your communications. The vulnerability primarily affects servers (where a lot of encrypted traffic flows), but Microsoft warns that it also affects regular versions of Windows from Vista on up.