Microsoft: RDP Vulnerability Should Be Patched Immediately

wiredmikey writes "Microsoft is urging organizations to apply the sole critical update in this month's Patch Tuesday release as soon as possible. The critical bulletin – one of six security bulletins issued as part of Tuesday's release – addresses two vulnerabilities in the Remote Desktop Protocol (RDP). Those IT admins who use RDP to manage their machines over the internet, which is essentially the default in cloud-based installations such as Amazon's AWS, need to patch as quickly as possible, said Qualys CTO Wolfgang Kandek. Besides the RDP bugs, this month's Patch Tuesday addressed five other vulnerabilities: two denial-of-service bugs and an escalation of privileges issue in Microsoft Windows; a remote code execution vulnerability in Microsoft Expression Design; and an escalation of privileges issue in Microsoft Visual Studio."

Re:Not worrying

[bertok]

It could happen to Linux as well. But it doesn't.

Linux does have comparable remote-access protocols to RDP, all of which have had plenty of remote exploits in past. For example have a look at CERT advisories on SSH [google.com] and X11 [google.com]. Don't even get me started on VNC, which is often not updated automatically because it's an installable add-on instead of a system component.

Re:Not worrying

[qu33ksilver]

Actually you are wrong. I am from Citrix so I know, RDP is developed by Microsoft, Citrix has its own proprietary protocol called ICA(Independant Computing Architecture) which is just a wrapper around RDP. Its true that RDP came from WinFrame which was a Citrix product but you are wrong in saying that Microsoft bought RDP from Citrix.