- Microsoft Windows Server 2003 SP2
- Microsoft Windows Vista SP2
- Microsoft Windows Server 2008 SP2
- Microsoft Windows Server 2008 R2 SP1
- Microsoft Windows 7 SP1
- Microsoft Windows 8
- Microsoft Windows 8.1
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows RT
- Microsoft Windows RT 8.1
Microsoft Windows XP and 2000 may also be affected.
A critical vulnerability in Microsoft Windows systems could allow a remote attacker to execute arbitrary code via specially crafted network traffic.
Microsoft Secure Channel (Schannel) is a security package that provides SSL and TLS on Microsoft Windows platforms.[2, 3] Due to a flaw in Schannel, a remote attacker could execute arbitrary code on both client and server applications.
It may be possible for exploitation to occur without authentication and via unsolicited network traffic. According to Microsoft MS14-066, there are no known mitigations or workarounds.
Microsoft patches are typically reverse-engineered and exploits developed in a matter of days or weeks. An anonymous Pastebin user has threatened to publish an exploit on Friday, November 14, 2014.
This flaw allows a remote attacker to execute arbitrary code and fully compromise vulnerable systems.
Microsoft has released Security Bulletin MS14-066 to address this vulnerability in supported operating systems.
-  NIST Vulnerability Summary for CVE-2014-6321
-  Microsoft Security Bulletin MS14-066 – Critical
-  Microsoft, Secure Channel
-  Reddit, Microsoft Security Bulletin MS14-066
-  Pastebin, SChannelShenanigans
-  Winshock.txt
- November 14, 2014: Initial Release