2014.11.14 [CRITICAL] Windows "SChannel" Exploit

Update 2:11PM: Hub, WebAdvisor, and UI will be taken down at 2:30PM PST for maintenance.

Microsoft Security Bulletin MS14-066 has been released for a potentially hypercritical exploit called "SChannelShenanigans" by Microsoft.  CalArts IT will be patching all managed Windows systems today, including Lab computers and servers, to mitigate our exposure.

We cannot recommend strongly enough running Windows Update as soon as possible if you are running Windows.  Alternatively you can click on the above Security Bulletin, click on your version of Windows, and download the patch separately.

The National Vulnerability Database ranks this exploit as a 10 (out of 10), which means it is extremely easy for an attacker to utilize.  ShellShock and other recent large security patches have also been ranked as 10's.  Nearly every version of Windows is affected by this particular exploit, which can be run so easily it can occur via an advertisement on a trusted website (say, CNN.com).  

Over the course of November 14th CalArts IT will be updating all our managed computers and cannot stress enough how important it is for Students, Faculty, and Staff to update any Windows devices they may.

Further information can be found here, at pastebin here, and US-CERT here.

All CalArts Windows workstations and servers will need to be patched (desktop computers will be forced to restart).  A maintenance schedule will be posted to this article as soon as one is developed.

Have more questions? Submit a request


Please sign in to leave a comment.