Martin's selection of few interesting IT Security, Privacy, and free tools from the Net: Sad but True - When Check Point researcher informed Microsoft of a flaw in its RDP client he was told his finding "is valid but does not meet our bar for servicing", so it didn't warrant a patch.

Thursday, August 8, 2019

Sad but True - When Check Point researcher informed Microsoft of a flaw in its RDP client he was told his finding "is valid but does not meet our bar for servicing", so it didn't warrant a patch.

But, fixed it one they realized the same flaw could be used to target its Hyper-V virtualization software in Windows 10 and Azure.

The patch came after Itkin discovered an attacker could use the flaw in Microsoft's RDP client for a sandbox escape or a "guest-to-host" virtual machine (VM) escape in Microsoft's Hyper-V Manager

Microsoft security software engineer Dana Baril and Itkin detail the connection between the RDP client and Hyper-V in an aptly titled presentation at Black Hat on Wednesday, called 'He Said, She Said – Poisoned RDP Offense and Defense'.

https://www.zdnet.com/article/windows-10-security-microsoft-dismissed-rdp-flaw-until-it-saw-hyper-v-was-affected/

Martin's selection of few interesting IT Security, Privacy, and free tools from the Net

Thursday, August 8, 2019

Sad but True - When Check Point researcher informed Microsoft of a flaw in its RDP client he was told his finding "is valid but does not meet our bar for servicing", so it didn't warrant a patch.

No comments:

Post a Comment

Popular Posts

Categories

Blog Archive