SChannel Update and Experimental Vulnerability Scanner (MS14-066), (Fri, Nov 14th)

2014-11-14 15:10

Just a quick update on the SChannel problem (MS14-066, CVE-2014-6321). So far, there is still no publicly available exploit for the vulnerability, and details are still sparse. But apparently, there is some progress in developing a working exploit. For example, this tweet by Dave Aitel:


Overall: Keep patching, but I hope your weekend will not be disrupted by a major new exploit being released.

Emerging Threats also released some public/free Snort rules that promise to cover the various vulnerabilities patched by MS14-066 (http://emergingthreats.net/daily-ruleset-update-summary-11132014/).

I also got a VERY experimental scanner that may be helpful scanning for unpatched hosts. This scanner does not scan for the vulnerability. Instead, it scans for support for the 4 new ciphers that were added with MS14-066. Maybe someone finds it helpful. Let me know if it works. It is a bash script and uses openssl on Unix. You will need at least openssl version 1.0.1h (and you need to connect directly to the test server, not a proxy).

See: https://isc.sans.edu/diaryimages/MSFT1466test.sh (sig: MSFT1466test.sh.asc)

Feedback welcome.
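
A minimal sketch of the cipher-support check described above, as an added example and not the ISC script or its code: it asks the server for each of the four AES-GCM suites that MS14-066 added to SChannel, one at a time, over TLS 1.2. The function names are hypothetical, and the result is only meaningful for hosts already known to terminate TLS with SChannel, since other TLS stacks offer these suites regardless of patch level.

```bash
#!/usr/bin/env bash
# Added example, not the ISC script. Usage: ./check.sh host [port]
# Infers patch status from cipher support; it does not test the vulnerability.

# OpenSSL names of the four suites MS14-066 added to SChannel.
MS14_066_CIPHERS="DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-GCM-SHA256"

# Read `openssl s_client` output on stdin; print the negotiated suite,
# or nothing when the handshake failed ("Cipher is (NONE)").
negotiated_cipher() {
  awk '/Cipher is / { c = $NF } END { if (c != "" && c != "(NONE)") print c }'
}

# probe_cipher host port cipher: succeed only if the server accepted that suite.
# Offering a single suite forces an accept-or-fail answer per suite.
probe_cipher() {
  local got
  got=$(openssl s_client -connect "$1:$2" -tls1_2 -cipher "$3" \
          </dev/null 2>/dev/null | negotiated_cipher)
  [ "$got" = "$3" ]
}

# verdict count: map the number of accepted suites (0-4) to an assessment.
verdict() {
  case "$1" in
    4) echo "all four accepted: consistent with MS14-066 installed" ;;
    0) echo "none accepted: update likely missing, or suites disabled" ;;
    *) echo "some accepted: suites restricted by policy, inconclusive" ;;
  esac
}

# scan_host host [port]: probe each suite and print a summary line.
scan_host() {
  local host=$1 port=${2:-443} n=0 c
  for c in $MS14_066_CIPHERS; do
    if probe_cipher "$host" "$port" "$c"; then
      n=$((n + 1)); echo "  accepted: $c"
    else
      echo "  rejected: $c"
    fi
  done
  echo "$host:$port -> $(verdict "$n")"
}

# Scan only when a host argument is given, so the file can also be sourced.
if [ "$#" -ge 1 ]; then scan_host "$@"; fi
```

As the post notes for its own scanner, point this at the server itself rather than a proxy or load balancer, which would answer with its own cipher list.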

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Source: isc.sans.edu/diary.html?storyid=18953&rss
