Microsoft (NASDAQ: MSFT) has released a new security patch for its very common Windows operating system. The software giant usually rolls out patch on Tuesday, however, this time company has rolled out one for a bug that can be scary as ShellShock or HeartBleed bugs. A few months ago, HeartBleed bug was found in the SSL/TLS, which allowed the attackers to gain access over a part of the information on the server.
Although there hasn’t been much of the information about the bug, but the Microsoft had something related to the encryption and security of the Windows operating system. The update dubbed as MS14-066 is revolving around to fix the encryption issue. However, the Redmond giant has kept the details about the patch a secret for several reasons. The update has been listed in the critical update, and it’s affecting almost every version of the Windows, including Windows Server 2003/2008/2012, Vista, 7, 8, 8.1 and Windows RT.
Microsoft said, “This security update resolves a privately reported vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server.”
Not enough can be said about it but the update is mainly responsible for fixing a bug in the feature that deals with the HTTP protocol or we can say that bug was all about a vulnerability in the way system handles the Internet requests. With this bug lying in your system, an attacker can easily attack your system by making few changes in the packet. The deformed packet can then be used to execute arbitrary code on the system. Microsoft has already abandoned the Windows XP, but apparently the bug is also affecting it.