Feeds

Microsoft warns of RDP attack within next 30 days

Mozilla stalls own update because of Patch Tuesday

Top 5 reasons to deploy VMware with Tegile

Microsoft has released six updates in this month's patch Tuesday, including one critical hole that Redmond warns will be hit in the next 30 days.

The critical flaw covers all versions of Windows and is found in the Remote Desktop Protocol (RDP). It allows attackers to run code remotely behind the firewall, although Vista users and above can activate the Remote Desktop’s Network Level Authentication (NLA) to trigger an authentication request. RDP is disabled by default, but is often activated.

"We are not aware of any attacks in the wild. However, due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days," said the Microsoft security research center blog.

Of Microsoft's other patches, four are deemed important. Expression Design has a DLL preloading issue fixed and Visual Studio's add-on handling gets an add-on issue resolved, while the kernel and DNS systems also get a patch. There's also a low priority fix for DirectWrite.

The release caused some problems for Mozilla, which had also been planning an update. It said that the issue it was concerned about in Microsoft's patches turned out to be something Mozilla had already fixed, but that it was only making updates available manually for the time being as a precaution.

"In order to understand the impacts of Microsoft’s “Patch Tuesday” fixes, we will initially release Firefox for manual updates only. Once those impacts are understood, we’ll push automatic updates out to all of our users," said Johnathan Nightingale, senior director of Firefox engineering on the browser's blog. ®

Internet Security Threat Report 2014

More from The Register

next story
Be real, Apple: In-app goodie grab games AREN'T FREE – EU
Cupertino stands down after Euro legal threats
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Bada-Bing! Mozilla flips Firefox to YAHOO! for search
Microsoft system will be the default for browser in US until 2020
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.