{"id":7030,"date":"2014-12-19T11:35:56","date_gmt":"2014-12-19T10:35:56","guid":{"rendered":"https:\/\/anexia.com\/stagingblog\/?p=7030"},"modified":"2022-04-22T12:13:48","modified_gmt":"2022-04-22T10:13:48","slug":"winshock-test-wrap-up","status":"publish","type":"post","link":"https:\/\/anexia.com\/blog\/en\/winshock-test-wrap-up\/","title":{"rendered":"WinShock Test wrap-up"},"content":{"rendered":"

When WinShock (MS14-066<\/a>, CVE-2014- 6321<\/a>) came to light on 11th of November this year, our emergency response team, consisting of members of our IT and R&D departments created a small shell script which allowed remote detection of the vulnerability.<\/p>\n

After some internal testing we made that script, called winshock-test, available to the general public on GitHub<\/a>.<\/p>\n

Let’s quickly dive into how that script works:<\/p>\n

Besides the critical security fix for MS14-066, Microsoft also introduced a set of four new SSL\/TLS cipher suites with the corresponding patch (KB2992611<\/a>).<\/p>\n

These newly introduced cipher suites created up a simple way for checking the patch-state for those systems: checking whether those cipher suites are supported by SSL\/TLS-based services a host provides or not.<\/p>\n

After realizing this fact, we created a script which uses OpenSSL’s s_client functionality and testing if the target service allows negotation of those cipher suites.<\/p>\n

Besides the script’s source code, some additional information on this approach can be found inside the README file<\/a> of the script.<\/p>\n

As a few weeks have passed since then, it is time for a short wrap-up. Besides praise from IT-operators from all over the world, it seems as if our script also caught some attention from persons and entities within the information security community.<\/p>\n

So, in short our script has been linked to and\/or recommended in the following articles (in alphabetical order):<\/p>\n