• Insights

Critical Patch Released for all Microsoft Server and Workstation Products

Dan Paquette

< 1 min read

All Insights

Yesterday evening, Microsoft released a security bulletin and related patch rated as Critical for all Server and Workstation products.  The patch addresses a vulnerability that would allow maliciously crafted SSL- or TLS-encrypted traffic to execute code of its choosing on the affected target.

Some firms delay installing Patch Tuesday updates for a variety of reasons.  Given both the severity and likelihood of exploitation of this patch, we urge firms to consider a more immediate response and install this update.  This is especially true for any Server or Workstation product that acts as an internet server, including:  Sharepoint and other IIS servers, Exchange, FTP servers and any other internet-facing server that leverages Microsoft’s schannel implementation of SSL and TLS.

The update requires a restart for all versions of Microsoft Server and Workstation products.