With the revelation of a nearly two-decade old flaw in Microsoft Windows Secure Channel (SChannel), Trend Micro is recommending that Windows users immediately patch their systems to avoid being compromised.
Windows SChannel is Microsoft’s delivery platform to securely transfer data and this potential exploit presents a “wormable” situation that could enable attackers to commandeer a system without user interaction.
Dubbed “Winshock,” the bug received a score of 9.3 out of 10 by the Common Vulnerability Scoring System (CVSS). Microsoft released a patch on Tuesday.
“Similar to the well-documented Heartbleed exploit, this is yet another example of a latent vulnerability that could have far-reaching effects,” says Gregory Anderson, country manager of Trend Micro South Africa.
“When news like this breaks, cybercriminals go into hyperdrive developing attacks to take advantage of the flaw. As such, it’s important to respond quickly to avoid system disruption and compromise. We are urging our customers to make addressing this bug a top priority and we have provided resources accordingly to complement the latest Microsoft patches.”
In addition to installing Microsoft patches immediately Trend Micro experts recommend the use of a browser other than Internet Explorer to reduce risks and employing newer versions of Windows platforms that are supported by Microsoft.
