One of the most significant patches was a vulnerability in Microsoft's Credential Security Support Provider protocol (CredSSP) which could allow a hacker to gain control of a domain server and other systems in the network
Microsoft also patched a remote code execution flaw in Windows Shell that requires the user to download and open a malicious file in order to exploit it along with Meltdown and Spectre patches covering 32-bit versions of Windows 7 and 8.1, as well as Server 2008 and 2012.
https://www.scmagazine.com/this-months-patch-tuesday-fixed-bug-that-could-exploit-authentication-in-microsoft-remote-desktop-protocol/article/750777/
No comments:
Post a Comment