Windows Remote Desktop Gateway vulnerability

A vulnerability has recently been discovered in Windows Remote Desktop Gateway, which could leave you open to attacks. The vulnerability requires no user interaction and is pre-authentication. The attacker would be able to execute arbitrary code on your system. This means the attacker could install programs; view, change or delete data; or create new accounts with full user rights. An attacker only needs to send a specially crafted request to the correct service to exploit this vulnerability.

This vulnerability affects all Windows Server 2012 (or later) servers. Server Essentials 2012(R2) encourages and enables Remote Desktop Gateway usage by default, so it’s especially important to patch those.

While there are no known exploits using this vulnerability, it’s always better to be safe so we recommend applying the appropriate patch from this page quicker than you normally would.

Most Recent:

Random Pick:

Change your LinkedIn Password

The login details for 117 million LinkedIn accounts have been put up for sale for $2,200. Your email address and weakly encrypted password may be in that list.

Read More »