Did you notice the massive Microsoft update this Tuesday? It was enormous. Microsoft released on Tuesday it latest patch that fixes 26 vulnerabilities. This patch included a huge Internet Explorer patch that has been previously exploited. Microsoft is also warning users of a “zero-day attack”.
A zero-day attack is a threat that exploits previously unknown vulnerabilities, meaning the exploit has occurred before Microsoft was aware of the vulnerability. So the software maker has had zero days to address and patch the problem. Basically – a zero-day attacks occur during the vulnerability window that exists in the time between when a vulnerability is first exploited and when software developers start to develop and publish a counter to that threat.
This weeks patch included 26 Vulnerabilities – this included 10 critical patches, 14 important and 2 moderate.
Almost all security experts agree that MS12-037 is the most critical update to grab. This patch includes 13 fixes that affect all versions of Internet Explorer (IE), including Microsoft next version of Internet Explorer – IE10.
Most security experts are also worried about the Remote Desktop Protocol (RDP) bug in this patch. That update, also critical, patches one vulnerability in RDP, a Windows component that lets users remotely access server and desktops.
I have been in this business for over 25 years and RDP security has worried me for a long time. I cannot image why someone would open this port (3389) and use the protocol without the protection of a VPN or security client. It is basically a wide open connection. I strongly advise against using RDP without additional security. Here at Raven Cloud Computing we use secured connections for our customers to reach their cloud desktops and servers.
It is always a good idea to keep your Internet browsers patched and updated. Regular updates can and will keep you out of harms way most of the time. As you are probably well aware – the game between the white hats (good guys) and the black hats (hackers) is a constant battle fought on the Internet battlefield.
If you would like, we provide a Free Technical Assessment, this can be beneficial to new and startup companies that are not sure where to start. You can always find our cloud and hosted services in the right column of this page or by simply going to our website at Raven Cloud Computing