MANILA, Philippines – Microsoft released a critical patch Tuesday, November 11 (November 12, Manila time), to address an exploit that could allow an attacker to remotely execute code on a computer without requiring an authorized account.

The patch – called MS14-066 or “Vulnerability in Schannel Could Allow Remote Code Execution” – affects Windows Server 2003, 2008, 2012, Vista, 7, 8, 8.1 and Windows RT. 

Microsoft does not explain the exploit further, aside from noting that the issue allows “remote code execution if an attacker sends specially crafted packets to a Windows server.”

A report by The Next Web said the security issue itself is found in the Schannel library – the layer that handles encryption and authentication in Windows, notably for HTTP applications.

Microsoft said there was no evidence the bug had been exploited. However, patching computers – or business’ workstations – through Windows update would be the best option. – Rappler.com