Yesterday evening, Microsoft released a security bulletin and related patch rated as Critical for all Server and Workstation products. The patch addresses a vulnerability that would allow maliciously crafted SSL- or TLS-encrypted traffic to execute code of its choosing on the affected target.
Some firms delay installing Patch Tuesday updates for a variety of reasons. Given both the severity and likelihood of exploitation of this patch, we urge firms to consider a more immediate response and install this update. This is especially true for any Server or Workstation product that acts as an internet server, including: Sharepoint and other IIS servers, Exchange, FTP servers and any other internet-facing server that leverages Microsoft’s schannel implementation of SSL and TLS.
The update requires a restart for all versions of Microsoft Server and Workstation products.