Microsoft released patches for nine critical vulnerabilities as part of its October Patch Tuesday security update, including one for a Remote Desktop bug that could allow a remote attacker to execute code on victims’ machines. Overall, Microsoft issued fixes for 59 vulnerabilities – nine critical, 49 important and one moderate in severity.

“This month, the Microsoft release is on the smaller side, with security patches for 59 CVEs and no new advisories,” said Dustin Childs, with the Zero Day Initiative. “The updates cover Microsoft Windows, Internet Explorer, Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, SQL Server Management Studio, Microsoft Dynamics 365, Windows Update Assistant and Open Source Software,” he wrote in his breakdown of Microsoft Patch Tuesday security updates.

One of the critical flaws highlighted by Childs is a troublesome remote code execution vulnerability (CVE-2019-1333) that “exists in the Windows Remote Desktop Client when a user connects to a malicious server.” The flaw specifically involves Remote Desktop client machines that connect to servers via Remote Desktop Protocol (RDP). RDP is a protocol offered by Microsoft – and used by thousands of enterprises globally – that allows workers to remotely connect their client machines to servers in order to reach corporate resources. Remote Desktop clients installed on user machines allow them to connect to a remote server host using…
