Schannel zero-day exploit released

Original researcher makes public his own exploit code.

Only hours after Microsoft released a patch for the Windows Schannel Security Package, the researcher who discovered the vulnerability, Thomas Lim of COSEINC, released a public exploit for it. According to Microsoft, the Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page or used an application that makes use of SSL/TLS.

In an e-mail to the Full Disclosure mailing list, Lim said that he discovered the vulnerability on August 28, 2006, and reported it to Microsoft on March 19, 2007. Researchers typically, although not always, give a vendor time to patch a vulnerability. Once the vendor has patched the vulnerability, a researcher may make an exploit public to help system administrators test the patch and to minimize the exploit's value on the black market.
