Microsoft released patches for nine critical vulnerabilities as part of its October Patch Tuesday security update, including one for a Remote Desktop bug that could allow a remote attacker to execute code on victims’ machines. Overall, Microsoft issued fixes for 59 vulnerabilities – including nine critical, 49 important and one moderate in severity. “This month, the Microsoft release is on the smaller side, with security patches for 59 CVEs and no new advisories,” said Dustin Childs, with the Zero Day Initiative. “The updates cover Microsoft Windows, Internet Explorer, Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, SQL Server Management Studio, Microsoft Dynamics 365, Windows Update Assistant and Open Source Software,” he wrote in his breakdown of Microsoft Patch Tuesday security updates. One of the critical flaws highlighted by Childs includes a troublesome remote code execution vulnerability (CVE-2019-1333) that “exists in the Windows Remote Desktop Client when a user connects to a malicious server.” The flaw specifically involves Remote Desktop client machines that connect to servers via Remote Desktop Protocol (RDP). RDP is a protocol offered by Microsoft – and used by thousands of enterprises globally – that allows workers to remotely connect their client machines to servers in order to connect to corporate resources. Remote Desktop clients installed on user machines allow them to connect to a remote server host using…
https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png 0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2019-10-08 15:55:002019-10-08 15:55:00Critical Microsoft Remote Desktop Flaw Fixed in Security Update
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email email@example.com