Microsoft has revealed a vulnerability in the Microsoft Secure Channel (Schannel) security package in Windows that affects a broad range of Windows operating systems, including Windows Server 2003/2008/2012, Vista 7/8/8.1, and Windows RT.
There are no known exploits that have actually used this vulnerability, however it is highly recommended to install the security patch.Please refer to the Microsoft Security TechCenter article for details: https://technet.microsoft.com/library/security/MS14-066.
This vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server. According to the Microsoft security bulletin, https://technet.microsoft.com/library/security/MS14-066, at the time of issue, there was no information to indicate this vulnerability had been publicly used to attack customers.
This security update is rated Critical for all supported releases of Microsoft Windows. To close the vulnerability on Windows-based hosts install the security patch, https://support.microsoft.com/kb/2992611, delivered via Windows Update.