Since the patch enhances RDP session encryption by implementing DTLS, the weakness appears to be in the existing encryption schemes.Īffects Windows 7, Windows 8, Windows 8.1, Windows Server 2012, and Windows Server 2012 R2 An attacker sitting on the same network as either the client or the server could create specially crafted traffic to tamper with an existing RDP session. This vulnerability affects systems that use Microsoft's Remote Desktop service. Vulnerability in Remote Desktop Could Allow Tampering With a majority of IE 8 users still running Windows XP, this means that neither an IE upgrade nor a patch will be available to most users. This is likely due to the fact that it is the most current version available for the retired Windows XP platform. TippingPoint publicly disclosed the advisory after Microsoft missed a 180-day deadline set by TippingPoint.Īpproximately a quarter of Internet Explorer installations are still on version 8. It's very rare for a security vendor to release any advisory when no patch is available. TippingPoint Zero Day Initiative released this advisory on May 21 without a patch from Microsoft. This includes a patch for the "CMarkup Use-After-Free RCE Vulnerability" in Internet Explorer 8 (CVE-2014-1770). One of the two "Critical" bulletins is for Internet Explorer and contains patches for a massive fifty-nine CVEs, almost all of which are marked with a critical severity. June's Microsoft Patch Tuesday contains seven bulletins, including two rated "Critical" and five rated "Important".
0 kommentar(er)
