• Patch Lady – forget that crypto one, worry about this one

    #2085040

    If you are an IT consultant or admin with an Essentials 2012 (or later) server, or use the RDgateway role and expose it over port 443 to allow users to
    [See the full post at: Patch Lady – forget that crypto one, worry about this one]

    Susan Bradley Patch Lady/Prudent patcher

    2 users thanked author for this post.
    • #2085069

      Maybe the vulnerable RD technology doesn’t exist in Server 2008/R2,
      especially the Web Application Proxy

      This one has the exact same description and affected servers; I suppose each one covers specific RD components
      https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610

      • This reply was modified 5 years, 4 months ago by abbodi86.
      1 user thanked author for this post.
    • #2085149

      I have a question: should we drop everything and roll out the patch and reboot immediately, or can we patch it over the weekend?

      • #2085155

        Do nothing, we are at Defcon 2.
        Wait for more details here.

        cheers, Paul

        • #2085408

          If you are a server admin and you let users use RDP/RDgateway or use Remote web access, I patched last night on the server that handles RDgateway. This is a specific issue with servers, not workstations.

          Susan Bradley Patch Lady/Prudent patcher

        • #2085411

          Actually the answer is “it depends”. Home users that don’t RDP into work access should follow the guidance of their IT admins. Home users that only RDP into local machines can wait. Small businesses that use RDgateway to access desktops should be patching that server that handles the RDgateway role asap.

          Susan Bradley Patch Lady/Prudent patcher

          1 user thanked author for this post.
    • #2085189

      Once again I feel (although it's not true) that newer systems have more vulnerabilities than the old ones. When will people learn that hackers are always going to be one step ahead.

      Dell Latitude 3420, Intel Core i7 @ 2.8 GHz, 16GB RAM, W10 22H2 Enterprise

      HAL3000, AMD Athlon 200GE @ 3,4 GHz, 8GB RAM, Fedora 29

      PRUSA i3 MK3S+

    • #2086428

      Here’s a new problem… which shouldn’t be 1 unless people are still using IE: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001. There’s a workaround that applies to Jscript.dll. As the guidance says, IE9, IE10 & IE11 use Jscript9.dll & aren’t affected.

      Update: Ignore this; Woody just put a post about it on the Home Page. Saw it when I refreshed… as Emily Latella would say, “Never mind.”

      Bought a refurbished Windows 10 64-bit, currently updated to 22H2. Have broke the AC adapter cord going to the 8.1 machine, but before that, coaxed it into charging. Need to buy new adapter if wish to continue using it.
      Wild Bill Rides Again...

      • This reply was modified 5 years, 4 months ago by WildBill.