Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft: RDP Vulnerability Should Be Patched Immediately

Posted by Soulskill on from the barn-doors-and-horses dept.

wiredmikey writes "Microsoft is urging organizations to apply the sole critical update in this month's Patch Tuesday release as soon as possible. The critical bulletin – one of six security bulletins issued as part of Tuesday's release – addresses two vulnerabilities in the Remote Desktop Protocol (RDP). Those IT admins who use RDP to manage their machines over the internet, which is essentially the default in cloud-based installations such as Amazon's AWS, need to patch as quickly as possible, said Qualys CTO Wolfgang Kandek. Besides the RDP bugs, this month's Patch Tuesday addressed five other vulnerabilities: two denial-of-service bugs and an escalation of privileges issue in Microsoft Windows; a remote code execution vulnerability in Microsoft Expression Design; and an escalation of privileges issue in Microsoft Visual Studio."

4 of 126 comments (clear)

  1. Re:Not worrying by hcs_$reboot · · Score: 3, Funny

    Ok, so there are some weaknesses / bugs and patches to be applied to Linux. There are, there were, and there will be. Always. But are we on the same scale here? We are talking about a remote administration GUI security hole ; that nice graphics and windows based environment that allows almost any brainless geek to damage the system from any angle, visually, like a game.

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  2. Re:Not worrying by hcs_$reboot · · Score: 1, Funny
    RDP is a GUI, SSH (for instance) is not. From wiki:

    Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to another computer

    Don't you think it is easier to hack a computer from a windowed based tool where you see the menus and all, than from an austere text based prompt?

    --
    Slashdot, fix the reply notifications... You won't get away with it...
  3. Re:Not worrying by TheInternetGuy · · Score: 4, Funny

    And having a vulnerability in a GUI (RDP) protocol is somehow worse than having vulnerabilities in SSH how exactly?

    Any fool can use the GUI, but with SSH at least you can be sure that you are being hacked and exploited by a fellow geek.

    --
    If my comment didn't sound as good in your head as it did in mine, then I guess we all know who's to blame
  4. Re:Not worrying by SuricouRaven · · Score: 2, Funny

    Windows: So awkward to use, even the hackers will get mired in in the GUI.