December 8, 2016

Microsoft fixes critical RDP remote code execution vulnerability

Microsoft has released updates for its Windows operating system, and its components, to fix 26 different security related vulnerabilities. Among the bugs fixed is a vulnerability in the Remote Desktop Protocol. The vulnerability, which can be exploited by an attacker sending a sequence of specially crafted RDP packets to an affected system, can allow the attacker to execute code on the target machine.

Microsoft are rating the update as Critical and affected systems include all supported editions of Windows Server 2003 and Windows Server 2008, Windows Server 2008 R2 and Windows 7 SP1. For XP and Vista the vulnerability is less serious and Microsoft have lowered the rating to Moderate. interestingly Windows 7 PCs without SP1 are also rated as Moderate implying that code from Windows server was used in SP1 where as XP, Vista and Windows 7 without SP1 had a different, less vulnerable, code base. Microsoft point out that by default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.

Microsoft has also updated Internet Explorer. 13 vulnerabilities have been fixed that affect all supported versions of IE. The fixes include changes to the way that Internet Explorer handles objects in memory, HTML sanitization using toStaticHTML, the way that Internet Explorer renders data during certain processes, and the way that Internet Explorer creates and initializes strings. These problems have a severity rating of Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows XP, Vista and 7, and could result in remote code execution. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. For Windows Server platforms Microsoft have rated these issues as Moderate.

The other Critical update is for .NET to fix a vulnerability that could allow remote code execution on a client system if a user views a specially crafted webpage using a web browser that can run XAML Browser Applications (XBAPs). The vulnerability could also be used by Windows .NET applications to bypass Code Access Security (CAS) restrictions.

As well as releasing these patch Microsoft also issued a security advisory about a vulnerability in Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 that is being exploited in the wild. Hackers can execute code on a victim’s PCs who visit a web site, using IE, that has specially crafted webpages. The vulnerability exists when MSXML attempts to access an object in memory that has not been initialized, which may corrupt memory in such a way that an attacker could execute arbitrary code in the context of the logged-on user. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007.

Microsoft does not yet have a  patch for this problem, but there is a FixIt workaround tha basically disables the vulnerable component in IE. The vulnerability was discovered by Google, which said it saw the flaw being exploited in the wild in targeted attacks.

Share and Enjoy:
  • Print
  • Digg
  • StumbleUpon
  • del.icio.us
  • Facebook
  • Yahoo! Buzz
  • Twitter
  • Google Bookmarks