Massive Windows vulnerability could be just as bad as Heartbleed

As scary as Heartbleed was this past spring, it looks like virtually every Microsoft Windows user is in for a little deja vu. Microsoft just released a critical patch for a huge server vulnerability—one that affects quite a few current versions of Windows out there. As of now, Microsoft isn’t aware of anyone actually taking advantage of this vulnerability, which allows “a remote code execution vulnerability… due to the improper processing of specially crafted packets.” 

Remember Heartbleed? You know, the exploit in SSL that was so bad it got its own brand? Microsoft may have an issue of similar scale on its hands with a critical patch issued via Windows Update today. The patch in question is MS14-066, or otherwise known as the cryptically named “Vulnerability in Schannel Could Allow Remote Code Execution,” which affects Windows Server 2003/2008/2012, Vista, 7, 8, 8.1 and Windows RT. Microsoft gives few details about the exploit, other than saying that the bug would “allow remote code execution if an attacker sends specially crafted packets to a Windows server.” In other words, if an attacker modified packets in a particular way and attacked your machine, they may be able to execute whatever code they like remotely without an authorized an account. The attack appears to only affect those running a server on affected platforms.