WinShock | |
---|---|
Technical name | MS14-066 |
Type | Exploit (from bug) |
Isolation date | May 2014 |
Technical details | |
Platform | Windows Server 2003,Windows Server 2008,Windows Server 2008 R2,Windows Server 2012,Windows Server 2012 R2,Windows 95,Windows 98,Windows XP,Windows Vista,Windows 7,Windows 8,Windows 8.1 |
Abused exploits | Certificate Verification Bypass, Buffer Overflow, Remote Code Execution |
WinShock is computerexploit that exploits a vulnerability in the Windowssecure channel (SChannel) module and allows for remote code execution.[1] The exploit was discovered in May 2014 byIBM, who also helped patch the exploit.[2] The exploit was present and undetected in Windows software for 19 years, affecting every Windows version from Windows 95 to Windows 8.1[3]
WinShock exploits a vulnerability in the Windowssecure channel (SChannel) security module that allows for remote control of a PC through a vulnerability inSSL, which then allows for remote code execution.[1][4] With the execution of remote code, attackers could compromise the computer completely and gain complete control over it.[5] The vulnerability was given aCVSS 2.0 base score of 10.0, the highest score possible.[6]
The attack exploits a vulnerable function in the SChannel module that handlesSSL Certificates.[7] A number of Windows applications such asMicrosoft Internet Information Services use the SChannel Security Service Provider to manage these certificates and are vulnerable to the attack.[8]
It was later discovered in November 2014 that the attack could be executed even if the ISS Server was set to ignore SSL Certificates, as the function was still ran regardless. Microsoft Office,[9] and Remote Desktop software in Windows could also be exploited in the same way, even though it did not support SSL encryption at the time.[10]
While the attack is covered by a singleCVE, and is considered to be a single vulnerability, it is possible to execute a number of different and unique attacks by exploiting the vulnerability includingbuffer overflow attacks as well as certificate verification bypasses.[11]
The exploit was discovered and disclosed privately to Microsoft in May 2014 by researchers in IBM's X-Force team who also helped to fix the issue.[3] It was later disclosed publicly on 11 November 2014,[1] with a proof-of-concept released not long after.[12]
{{cite web}}
:|last=
has generic name (help)