Follow

Response to CVE-2014-6321 Microsoft Schannel Remote Code Execution Vulnerability

Microsoft has reported a vulnerability (CVE-2014-6321) in the Microsoft Secure Channel (Schannel) security package in Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server.

Please see the following link for publicly disclosed details on the vulnerability:

https://technet.microsoft.com/library/security/ms14-066

Kaseya has reviewed our product offerings in relation to the vulnerability as follows:

Kaseya Virtual Systems Administrator (VSA)

The VSA instances in the SaaS environment do not use Schannel and are not affected by the vulnerability described in CVE-2014-6321.  Additionally, we have deployed the Microsoft Security Update on the Windows Servers in the SaaS environment.

VSA Version 7 and R8 On-Premises do not use Schannel and are not affected by the vulnerability described in CVE-2014-6321, however, it is strongly recommended that customers apply the Microsoft Security Update on the Windows Server hosting the VSA from the link provided above.

VSA Version 6.5 and earlier do make use of the Microsoft Secure Channel (Schannel) security package in Windows and it is strongly recommended that customers apply the Microsoft Security Update on the Windows Server hosting the VSA from the link provided above.

Kaseya Traverse
This product  is not affected by the vulnerability described in CVE-2014-6321, however, it is strongly recommended that customers apply the Microsoft Security Update if they are running on a Windows Server from the link provided above.

Kaseya 365 Command
This product is deployed on Microsoft's Azure Platform and does make use of the Microsoft Secure Channel (Schannel) security package in Windows.  We are working with Microsoft to ensure that the platform is updated and will update this page when it is complete.

Kaseya BYOD Suite

This product does not use Schannel and is not affected by the vulnerability described in CVE-2014-6321, however, it is strongly recommended that customers apply the Microsoft Security Update on the Windows Server hosting the BYOD Gateway from the link provided above.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.