Microsoft’s November 2014 security bulletins brought a dizzying number of fixes; however, one vulnerability stood out in everyone’s minds.
MS14-066 addressed a remote code execution issue with Microsoft SChannel, which provides SSL capabilities to Microsoft third-party products. Like other SSL bugs discovered this year, the vulnerabilities patched in MS14-066 have the potential to be huge.
Why exactly are these vulnerabilities so dangerous?
Listen to our latest Security Slice podcast and hear Tyler Reguly, Lane Thames, Ken Westin and Craig Young discuss why this vulnerability isn’t getting Heartbleed-like media attention in spite of its potential impact and why businesses should patch this bug first.
CLICK HERE TO LISTEN TO THE PODCAST
- Security Slice: Worried About Wirelurker
- Security Slice: Harsh Security Lessons
- Security Slice: Command and Control Evolution
- Security Slice: I Spy with the FBI
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the Shellshock and Heartbleed vulnerability.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Title image courtesy of ShutterStock