An attacker who is able to exploit this vulnerability could potentially run arbitrary code on your machine, which could result in the attacker gaining control of the machine, stealing information, and so forth.
The Microsoft Windows Schannel security provider is the affected component, and many Ipswitch products rely on it for transport encryption (secure communications). We therefore encourage applying the November 2014 patches to all Windows servers and clients.
The November patches also include other critical security fixes, including another remote code execution vulnerability (MS14-064), so please install all of the updates.Please see these links for more information:Microsoft Security Bulletin Summary for November 2014Microsoft Security Bulletin MS014-066https://support.microsoft.com/kb/2992611http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321
We have become aware that this particular WinShock patch, KB2992611, is causing connection problems with the Chrome browser and possibly other clients supporting the TLS 1.2 protocol. It appears that the server must have installed the KB2992611 patch, and both the client and server must have TLS 1.2 enabled, in order to run into potential problems.
Microsoft has updated their support KB page
to include instructions to remove new ciphersuites that were included in the update, in order to work-around this issue (look under the Known issues with this security update
section).Disabling these ciphersuites does not mean that you will become susceptible to the WinShock vulnerability. These ciphersuites were added by Microsoft alongside the fix for the WinShock vulnerability in the KB2992611 patch.
While Microsoft's instructions should work if you run into connection problems after installing the update, note that for MOVEit File Transfer (DMZ) administrators and operators, these new ciphersuites can be more easily disabled via the DMZ Config's SSL tab: