        Security Advisories

        Vulnerability: SCHANNEL
        Updated Date: 11/20/14

        Threat:

        Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via crafted packets, aka "Microsoft Schannel Remote Code Execution Vulnerability."

        As per CVE-2014-6332, OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability" or WinShock.

        Identifier:
        N/A
        How is Crestron Affected:

        All shipping products were reviewed and the following notes are applicable:

        1. While Crestron 3-Series processors do use Windows Embedded operating systems, the kernel itself is different and it is not immediately clear if the same deficiency is present. We are working with Microsoft to make this determination. The web server in these processors does use SChannel for authentication if SSL is enabled. However, in most installations SSL is not enabled. This is further mitigated by the fact that no scripting support is provided on the 3-Series web server, so exploitation would be more difficult.
        2. Crestron is working with Microsoft regarding an update to Crestron RL. However, as this is an embedded system with code protection enabled, it is not clear the vulnerability is exploitable.
        3. Crestron is working with Microsoft regarding an update to the TPMC-V12, TPMC-V15, and DGE-1. However, as these are embedded systems with code protection enabled, it is not clear the vulnerability is exploitable.
        4. Customers running Fusion are urged to make sure to apply Windows updates.