Microsoft warns of RDP attack within next 30 days

Microsoft has released six updates in this month's patch Tuesday, including one critical hole that Redmond warns will be hit in the next 30 days. The remote code execution vulnerability can be exploited to run arbitrary code on the targeted Windows system, Microsoft said.

"This issue is potentially reachable over the network by an attacker before authentication is required. RDP is commonly allowed through firewalls due to its utility. The service runs in kernel-mode as SYSTEM by default on nearly all platforms," Microsoft's Technet blog warned. "The good news is that the Remote Desktop Protocol is disabled by default, so a majority of workstations are unaffected by this issue. However, we highly encourage you to apply the update right away on any systems where you have enabled Remote Desktop."

"It's probably the first patch this year that really raises eyebrows," Wolfgang Kandek, CTO at security solution firm Qualys says. "Attackers really appreciate this type of vulnerability where you can access it through the network and you don't need to social engineer anybody to get credentials. Just by having a machine on the network with that service running you can get control of it."

Among the other patches, four are deemed important. Expression Design has a DLL preloading issue fixed and Visual Studio's add-on handling gets an add-on issue resolved, while the kernel and DNS systems also get a patch. There's also a low priority fix for DirectWrite.

Read more -here-

• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts
• FTC fines Razer for misrepresenting COVID masks as N95s
• FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data
• Federal regulators accuse Amazon executives of deleting messages
• FCC restores net neutrality rules