Schannel posts - News Blog

June 12, 2007 1:17 PM PDT

Only hours after Microsoft released a patch for the Windows Schannel Security Package, the researcher who discovered the vulnerability, Thomas Lim of COSEINC, released a public exploit for it. According to Microsoft, the Schannel security package implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) Internet standard authentication protocols. This vulnerability could allow remote code execution if a user viewed a specially crafted Web page or used an application that makes use of SSL/TLS.

In an e-mail to the Full Disclosure mailing list, Lim said that he discovered the vulnerability on August 28, 2006, and reported it to Microsoft on March 19, 2007. Researchers typically, although not always give a vendor time to patch a vulnerability. Once the vulnerability has been patched by the vendor, a researcher may make an exploit public to help system administrators test the patch and to minimize its value on the black market.

Topics:: Security

Tags:: security,; Microsoft,; Windows,; Patch Tuesday,; Schannel

Share:: Digg; Del.icio.us; Reddit; Facebook; Twitter

About News Blog

Recent posts on technology, trends, and more.

Add this feed to your online news reader

Inside CNET News

Scroll Left Scroll Right

Deep Tech
Long-awaited Bibble 5 raw photo editor arrives
Bibble 5 Pro is out, bringing higher performance and a higher price to the raw-photo editing and cataloging software. Also new: selective editing.
Gallery
NASA trains WISE eye on the sky (photos)
Apple
Report: Apple event to be held January 26
Unnamed source tells Fox News that the company will hold a mobile-focused event in San Francisco on January 26, which could be the day its long-awaited tablet makes its debut.
Beyond Binary
Visual Studio launch delayed by 'a few weeks'
Microsoft says it's still working to resolve some performance issues related to the Visual Studio 2010 developer tool suite, which was slated for a March release.
Video
Deep-sea volcanic explosion--part 2 (video)
Digital Media
Online holiday sales hit $27 billion
E-commerce sales grow 5 percent for the holiday season, reaching $27 billion compared with $25.8 billion last year, says new ComScore report.
Video
Deep-sea volcanic explosion--part 1 (video)
Deep Tech
'Don't-be-evil' Google spurns no-evil software
One open-source software programmer's joke--'The Software shall be used for Good, not Evil'--is a serious matter at Google.
The Space Shot
Soyuz craft docks, boosts space station crew
A Russian Soyuz spacecraft docked with the International Space Station Tuesday after a smooth, automated approach, boosting the lab's crew back up to five.
Gallery
A real-world test of Google Goggles visual search (photos)
Crave
Job ad suggests Xbox Live headed for WinMo phones
A job listing posted by Microsoft seeks a principle program manager who can "bring Xbox Live-enabled games to Windows Mobile."
Green Tech
Green-tech venture investing cools off in 2009
Green tech is still attracting billions of dollars a year, but the amount of money has shrunk significantly as investors began to focus on start-ups with the most potential.

News Blog

Schannel zero-day exploit released

Most Popular

15 sites that went kaput in 2009

Top 10 news stories of the decade

About News Blog

Inside CNET News