What is an schannel?

By now you have probably received a notice from your technician that they need to do an emergency schannel update to your server. It needs to be applied first to any server that has a presence on the Internet. Other servers are less critical, but eventually all will need to be patched. There haven’t been too many times that we’ve jumped when an update came out. Updates are important to keep things running smoothly and securely, but most of the time these days the odds of the bad guys taking advantage of them are minimal. I can only think of a handful of exceptions. There was a DNS server patch a few years ago, last year there were the CryptoLocker security policies that we applied, and now there’s schannel. When an exception does occur we need to move quickly. Security is a critical part of what we do. We recognize that when it all boils down, the only thing that a business owns is its intellectual property. It’s the one thing that makes you unique from everyone else, and so we work to protect the thing that makes you, you.

schannel stands for Secure Channel. It’s the method by which SSL and other encrypted transmissions get started. The bad guys have figured out a way to mess with schannel to interrupt the process where a computer says, “I would like to transmit something securely.” The server is supposed to respond with the SSL certificate or encryption method, depending on the nature of the request. Instead, if schannel is exploited, the server would respond as if an encrypted transmission had started when in fact it hadn’t. Your computer would think it was good to start sending the sensitive data and go ahead and start communicating anyway. It is similar to what OpenSSL went through recently with Heartbleed.

How do we determine when to do an emergency patch? Patches are issued with attached technical articles that describe what is being patched and the means by which the bad guys would exploit the weakness. Most often we read these and realize that if you happen to be standing on your head, facing west on a Tuesday while the wind is blowing 5 kts, then there’s a .0999% chance you might visit an infected website. We put these into the regular monthly or quarterly update cycle. But once in a while, we read them and are hit immediately with the knowledge that this could affect our clients right now! schannel is one of those cases.

