Microsoft has released a string of security fixes in conjunction with its August Patch Tuesday.
As previously indicated, Microsoft's dispatch includes nine bulletins, five of which are rated critical and need immediate attention. Additionally, Oracle and Adobe have each announced patches of their own, which largely correspond to closing the Microsoft vulnerabilities.
One of the most critical Microsoft bulletins involves a vulnerability in Windows Common Controls. "This one takes the cake," said Andrew Storms, director of security operations at nCircle. "It's similar to a bug they patched in April, but this time the attack vector is an RTF file. The effect is somewhat reduced because you have to open the file; it's not a preview pane kind of thing. But, they are now saying that they have seen limited targeted attacks out in the wild."
But Paul Henry, security and forensic analyst at Lumension Security, believes that the highest criticality for August goes to the XP patch for RDP. "This is a remote code vulnerability, and no authentication is required," he said. "We've had a string of RDP patches, and people might think they've already patched it. But, this is a different one, and it should be a top priority to get that patch rolled out."
Windows Remote Desktop (RDP) is used by a substantial number of administrators as a system management tool. "The key word for this exposure is 'unauthenticated,'" said Jason Miller, manager of research and development at VMware. "If the attacker sends malicious unauthenticated packets, that attacker could gain control. And, that usually translates to a worm of some sort. Even if you don't have an RDP enabled by default, it could be turned on at any time. So, any time you have anything that can be attacked by an unauthenticated user, you have to act right away."