is the lady on the beach pic a bid to get away from that hacker-in-hoodie cliche?
time to shut machine and go home methinks...
Microsoft, Adobe, and SAP may have just ruined more than a few summer vacation plans, thanks to a massive and critical Patch Tuesday bundle of security fixes this month.

Microsoft still struggling to close RDP coding blunders

Among the 93 CVE-listed flaws patched this month are four particularly serious remote-code execution …
@Bronek - But didn't the changes MS made to RDS with Server 2012 (?) put the VPN connection within the RDS service, ostensibly so you didn't have to run an explicit VPN client etc.? I've come across many small installations (with a single in-house LAN) where effectively people have ticked the use VPN box, changed the RDS port on the firewall to a non-standard port and off they go...
If you have RDP exposed to the Internet, STRONGLY reconsider it. Before these patches are applied you were vulnerable.
There are numerous options ranging from VPN (free or commercial options) to remote desktop solutions (Citrix, VMware, Parallels).
If cost is the option, look into DirectAccess instead of unprotected RDP - at the very least you can easily deploy certificates+username to make your environment more secure from remote access vulnerabilities.
Don't laugh. No really.
Just joined a Win10 RDS shop. Not used Win10 nor Server 2019 in anger. Previously I would use the various baseline/security tools to find the patch levels pre Win10. So I searched for a MS tool for these later OS versions. Nada. Nowt. Bollocks all.
Besides one person making a droll comment about Nessus, is there a tool out there that provides this? Am I barking up the wrong tree? In fact am I losing my mind?!
Yes yes Linux...and mostly probably agree but MS shop.
A (web based) pint to all who help!
There are four vulnerabilities listed in the article:- CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226.
However, only the first two appear to have associated updates for Windows Server 2008 R2. Does this mean that the remaining two (which have updates for Windows 10 and later only) don't affect it?
If they're related, I'd have thought it unlikely that further vulnerabilities were introduced with later versions of Windows.
There are reports that this update has introduced an issue with variant arrays in the Visual Basic 6 runtime.
Biting the hand that feeds IT © 1998–2019