Patch Tuesday: Microsoft patches Remote Desktop Protocol exploit
This month’s Microsoft patch Tuesday included more than 70 patches 15 of which were marked as critical and one that could exploit authentication in Microsoft Remote Desktop Protocol.
Microsoft released updates for products including, ASP.NET Core, .NET Core, PowerShell Core, ChakraCore, Microsoft Office, Microsoft Office Services, Web Apps, Internet Explorer, Microsoft Edge, Microsoft Windows, and Microsoft Exchange Server.
One of the most significant patches was a vulnerability in Microsoft’s Credential Security Support Provider protocol (CredSSP) which could allow a hacker to gain control of a domain server and other systems in the network.
The vulnerability affects all Windows versions to date (starting with Windows Vista) and Preempt researchers found that an attacker could exploit the flaw in a man-in-the-middle attack that would allow them to abuse the protocol and remotely run code on the compromised server on behalf of a user.
“This vulnerability is a big deal, and while no attacks have been detected in the wild, there are a few real-world situations where attacks can occur,” said Roman Blachman, CTO and co-founder at Preempt in a March 13 press release. “Ensuring that your workstations are patched is the logical, first step to preventing this threat.”
Source: SC Mag