Movatterモバイル変換

WinShock

From Wikipedia, the free encyclopedia

Computer security exploit, discovered 2014

WinShock
Technical name	MS14-066
Type	Exploit (from bug)
Isolation date	May 2014
Technical details
Platform	Windows Server 2003,Windows Server 2008,Windows Server 2008 R2,Windows Server 2012,Windows Server 2012 R2,Windows 95,Windows 98,Windows XP,Windows Vista,Windows 7,Windows 8,Windows 8.1
Abused exploits	Certificate Verification Bypass, Buffer Overflow, Remote Code Execution

WinShock is computerexploit that exploits a vulnerability in the Windowssecure channel (SChannel) module and allows for remote code execution.^[1] The exploit was discovered in May 2014 byIBM, who also helped patch the exploit.^[2] The exploit was present and undetected in Windows software for 19 years, affecting every Windows version from Windows 95 to Windows 8.1^[3]

Details

[edit]

WinShock exploits a vulnerability in the Windowssecure channel (SChannel) security module that allows for remote control of a PC through a vulnerability inSSL, which then allows for remote code execution.^[1]^[4] With the execution of remote code, attackers could compromise the computer completely and gain complete control over it.^[5] The vulnerability was given aCVSS 2.0 base score of 10.0, the highest score possible.^[6]

The attack exploits a vulnerable function in the SChannel module that handlesSSL Certificates.^[7] A number of Windows applications such asMicrosoft Internet Information Services use the SChannel Security Service Provider to manage these certificates and are vulnerable to the attack.^[8]

It was later discovered in November 2014 that the attack could be executed even if the ISS Server was set to ignore SSL Certificates, as the function was still ran regardless. Microsoft Office,^[9] and Remote Desktop software in Windows could also be exploited in the same way, even though it did not support SSL encryption at the time.^[10]

While the attack is covered by a singleCVE, and is considered to be a single vulnerability, it is possible to execute a number of different and unique attacks by exploiting the vulnerability includingbuffer overflow attacks as well as certificate verification bypasses.^[11]

Responsibility

[edit]

The exploit was discovered and disclosed privately to Microsoft in May 2014 by researchers in IBM's X-Force team who also helped to fix the issue.^[3] It was later disclosed publicly on 11 November 2014,^[1] with a proof-of-concept released not long after.^[12]

References

[edit]

^^a ^b ^c"MS14-066: Vulnerability in SChannel could allow remote code execution: November 11, 2014 - Microsoft Support".support.microsoft.com. Retrieved2024-04-28.
^"WinShock: A 19-year-old bug".www.eset.com. Retrieved2024-04-28.
^^a ^b"Microsoft patches 19-year-old Windows bug".CNET. Retrieved2024-06-16.
^Mayer, Wilfried; Zauner, Aaron; Schmiedecker, Martin; Huber, Markus (2016-08-31)."No Need for Black Chambers: Testing TLS in the E-mail Ecosystem at Large".2016 11th International Conference on Availability, Reliability and Security (ARES). pp. 10–20.arXiv:1510.08646.doi:10.1109/ARES.2016.11.ISBN 978-1-5090-0990-9.
^"CERT/CC Vulnerability Note VU#505120".www.kb.cert.org. Retrieved2024-06-16.
^"NVD - CVE-2014-6321".nvd.nist.gov. Retrieved2024-06-16.
^Czumak, Mike (2014-11-29)."Exploiting MS14-066 / CVE-2014-6321 (aka "Winshock")".Security Sift. Retrieved2024-06-16.
^"Triggering MS14-066 | BeyondTrust Blog".BeyondTrust. Retrieved2024-06-16.
^"Microsoft fixes '19-year-old' bug with emergency patch".BBC News. 2014-11-12. Retrieved2024-06-16.
^Hutchins, Marcus (2014-11-19)."How MS14-066 (CVE-2014-6321) is More Serious Than First Thought – MalwareTech".malwaretech.com. Retrieved2024-06-16.
^Group, Talos (2014-11-11)."Microsoft Update Tuesday November 2014: Fixes for 3 0-day Vulnerabilities".Cisco Blogs. Retrieved2024-06-16.{{cite web}}:|last= has generic name (help)
^Leyden, John."WinShock PoC clocked: But DON'T PANIC... It's no Heartbleed".www.theregister.com. Retrieved2024-06-16.

External links

[edit]

Hacking in the 2010s

← 2000s

Timeline

2020s →

Major incidents

2010	Operation Aurora (publication of 2009 events) Australian cyberattacks Operation Olympic Games Operation ShadowNet Operation Payback
2011	Canadian government DigiNotar DNSChanger HBGary Federal Operation AntiSec PlayStation network outage RSA SecurID compromise
2012	LinkedIn hack Stratfor email leak Operation High Roller
2013	South Korea cyberattack Snapchat hack Cyberterrorism attack of June 25 2013 Yahoo! data breach Singapore cyberattacks
2014	Anthem medical data breach Operation Tovar 2014 celebrity nude photo leak 2014 JPMorgan Chase data breach 2014 Sony Pictures hack Russian hacker password theft 2014 Yahoo! data breach
2015	Office of Personnel Management data breach HackingTeam Ashley Madison data breach VTech data breach Ukrainian Power Grid Cyberattack SWIFT banking hack
2016	Bangladesh Bank robbery Hollywood Presbyterian Medical Center ransomware incident Commission on Elections data breach Democratic National Committee cyber attacks Vietnam Airport Hacks DCCC cyber attacks Indian Bank data breaches Surkov leaks Dyn cyberattack Russian interference in the 2016 U.S. elections 2016 Bitfinex hack
2017	SHAttered 2017 Macron e-mail leaks WannaCry ransomware attack Westminster data breach Petya and NotPetya 2017 Ukraine ransomware attacks Equifax data breach Deloitte breach Disqus breach
2018	Trustico Atlanta cyberattack SingHealth data breach
2019	Sri Lanka cyberattack Baltimore ransomware attack Bulgarian revenue agency hack WhatsApp snooping scandal Jeff Bezos phone hacking incident

Hacktivism

Advanced
persistent threats

Individuals

Majorvulnerabilities
publiclydisclosed

Evercookie (2010)
iSeeYou (2013)
Heartbleed (2014)
Shellshock (2014)
POODLE (2014)
Rootpipe (2014)
Row hammer (2014)
SS7 vulnerabilities (2014)
WinShock (2014)
JASBUG (2015)
Stagefright (2015)
DROWN (2016)
Badlock (2016)
Dirty COW (2016)
Cloudbleed (2017)
Broadcom Wi-Fi (2017)
EternalBlue (2017)
DoublePulsar (2017)
Silent Bob is Silent (2017)
KRACK (2017)
ROCA vulnerability (2017)
BlueBorne (2017)
Meltdown (2018)
Spectre (2018)
EFAIL (2018)
Exactis (2018)
Speculative Store Bypass (2018)
Lazy FP state restore (2018)
TLBleed (2018)
SigSpoof (2018)
Foreshadow (2018)
Dragonblood (2019)
Microarchitectural Data Sampling (2019)
BlueKeep (2019)
Kr00k (2019)

Malware

2010	Bad Rabbit Black Energy 2 SpyEye Stuxnet
2011	Coreflood Alureon Duqu Kelihos Metulji botnet Stars
2012	Carna Dexter FBI Flame Mahdi Red October Shamoon
2013	CryptoLocker DarkSeoul
2014	Brambul Black Energy 3 Carbanak Careto DarkHotel Duqu 2.0 FinFisher Gameover ZeuS Regin
2015	Dridex Hidden Tear Rombertik TeslaCrypt
2016	Hitler Jigsaw KeRanger Necurs MEMZ Mirai Pegasus Petya and NotPetya X-Agent
2017	BrickerBot Kirk LogicLocker Rensenware Triton WannaCry XafeCopy
2018	VPNFilter
2019	Grum Joanap NetTraveler R2D2 Tinba Titanium ZeroAccess botnet

Retrieved from "https://en.wikipedia.org/w/index.php?title=WinShock&oldid=1277695990"

Category:

Computer security exploits

Hidden categories:

[8]ページ先頭

Movatterモバイル変換

Details

Responsibility

See also

References

External links