A security advisory was published on 11th November 2014 by Microsoft, describing a security threat that may allow arbitrary code execution by hackers. The SChannel (CVE-2014-6321) vulnerability could allow remote code execution, if an attacker sends carefully crafted packets to a Windows server.
This issue lies within Microsoft's SChannel implementation, and has been rated as "Critical" by Microsoft, for all the supported releases of Microsoft Windows.
SigningHub runs on a Windows 2012 Server. Therefore, the official patch has been applied to remove this vulnerability.
Anyone running an on-premise instance of SigningHub Enterprise (also called Ascertia Docs until recently) must also apply these fixes see details.
