Microsoft Patch for Reverse RDP Flaw Leaves Room for Other Attacks
Turns out a patch Microsoft issued in February to address a previous — but improper — fix released last August for a security flaw in its Remote Desktop Protocol (RDP) doesn't fully do the job either.
As a result, attackers can still take advantage of the original underlying issue to access sensitive information on a system, modify critical files, steal password files, expose source code of Web applications, and carry out other malicious tasks.
Check Point, which uncovered the original vulnerability and also the problems in the two patches that Microsoft issued to address the flaw, on Thursday urged software developers and security researchers to be aware of the issue and ensure their own software projects are manually patched.
According to the company, while the February patch addresses the vulnerability in the RDP client itself, it does not...