Ready or not, here Microsoft Patch Day comes.
As promised, Microsoft released six security bulletins today, containing updates to fix seven security vulnerabilities in Windows, Visual Studio, and Expression Studio. They only rate one of these bulletins as Critical.
The Remote Desktop Protocol (RDP) bulletin is the stand-out update for this month. As you probably know, RDP allows you to remotely gain access to one of your computers over a network, and to control its desktop as though you were physically on the machine. Windows Terminal Servers also use the RDP protocol to allow many remote users to share one machine. Today’s Critical Windows bulletin fixes two flaws in the Windows RDP component, one of which could allow remote attackers to gain complete control of any Windows computers that allow RDP connections. I highly recommend you test and install this particular update first, especially if you manage Windows Terminal Servers.
Microsoft’s updates also fix three other Windows flaws. Though none are quite as bad as the RDP one, a few of them (like the DNS DoS flaw) pose significant risk themselves. In short, I’d recommend you install all of today’s Windows updates as quickly as you can. The remaining two updates fix flaws in lesser used products. If you have software developers in your organization who use Visual Studio, or graphic designers who use Expression Studio, you’ll want to apply those products’ updates as well. However, I suspect attackers won’t as aggressively exploit flaws in those products.
I’ll post a more detailed alert on the Windows flaws and how to fix them, shortly. Since I don’t suspect the Visual and Expression Studio issues affect as many people, I’ll only post a shorter blog-like summary on them later. In the meantime, if you’d like to get a head start patching, check out Microsoft’s summary bulletin for March, which lists these bulletins in order of severity. — Corey Nachreiner, CISSP (@SecAdept)
SANS ISC seems to agree with my thoughts on the high severity of the RDP flaw: http://isc.sans.edu/diary.html?storyid=12781&rss
Definitely patch that one immediately.
Having read this I thought it was very enlightening. I appreciate
you spending some time and energy to put this informative article together.
I once again find myself personally spending way
too much time both reading and commenting. But so what, it was still worthwhile!
WOW just what I was looking for. Came here by searching for negotiation skills seminar
Ahaa, its fastidious discussion regarding this piece of
writing at this place at this blog, I have read all that,
so at this time me also commenting here.
Hello it’s me, I am also visiting this web site daily, this website is actually good
and the people are genuinely sharing good
thoughts.