Microsoft plugs 'critical' Remote Desktop holes

Today is patch Tuesday, and if you have Remote Desktop enabled in Windows, you might want to let Automatic Updates do its thing and reboot at your earliest convenience. That's because Microsoft has patched a couple of "critical" vulnerabilities affecting RDP-enabled systems.

In the company's words, one of the vulnerabilities "could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system." Only systems that have remote desktop actually enabled are vulnerable, but Microsoft recommends that everyone install the update, just in case. Affected operating systems include Windows XP, Vista, and 7, not to mention Windows Server 2003, 2008, and 2008 R2.

In case you're wondering, Microsoft says the update plugs the holes by "modifying the way that the Remote Desktop Protocol processes packets in memory and the way that the RDP service processes packets."

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.